Action Recommended: VMware vCenter Server, Patch Accordingly

Attention: Members who use VMware vCenter Server within their environments are encouraged to review available advisories, address accordingly, and apply the necessary updates for impacted systems. Active scanning has been specifically observed for CVE-2021-22005. On September 21, 2021, CISA posted current activity report, VMware Releases Security Updates.

Exploitation of CVE-2021-22005 by an unauthenticated attacker could lead to remote code execution. This flaw impacts all vCenter Server 6.7 and 7.0 deployments with default configurations. VMware urges users not to ignore the advisory and warns that attackers who may have breached their systems could have access to vCenter servers from inside the corporate network. Researchers have observed active scanning and indicate this vulnerability is trivial to exploit. Access VMware for more on this and the other (18) flaws addressed/patched by the September 21, 2021 Security Advisory.

Additional Resources:

• https://us-cert.cisa.gov/ncas/current-activity/2021/09/21/vmware-releases-security-updates
• https://www.vmware.com/security/advisories/VMSA-2021-0020.html
• https://www.securityweek.com/vmware-vcenter-servers-hacker-crosshairs-after-disclosure-new-flaw
• https://www.helpnetsecurity.com/2021/09/22/cve-2021-22005/
• https://www.bleepingcomputer.com/news/security/hackers-are-scanning-for-vmware-cve-2021-22005-targets-patch-now/