vCenter Server File Upload Vulnerability (CVE-2021-22005)


Description

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. This vulnerability impacts vCenter Server versions 6.7 and 7.0. An attacker with network access to port 443 could exploit this vulnerability by uploading a specially crafted file to execute code on vCenter Server.


Detection

Although there is no PoC at this time, ongoing scanning activity has been spotted by threat intelligence company Bad Packets and Idappcom has been able to create a traffic file and matching rule using this information.


Coverage

Idappcom has created signature 8021804 along with a traffic file.


References

CVE-2021-22005

VMSA-2021-0020


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can test your defences and report any issues. Learn more here https://www.idappcom.co.uk/traffic-iq-professional