CVE-2021-22005

CVSS 9.8 CRITICAL | EPSS 100.0% | KEV | CWE-22

In short

vCenter Server has a flaw in its Analytics service that allows anyone on the network to upload malicious files and take control of the server. This is critical because vCenter Server manages all virtual machines in a data center.

Technical detail

This is a CWE-22 arbitrary file upload vulnerability in the vCenter Analytics service, which is accessible via port 443 (HTTPS). An unauthenticated network attacker can upload a specially crafted file to achieve remote code execution. Exploitation requires only network access to the affected service, making it highly exploitable with no authentication barriers.

Summary generated and translated by AI from the official description.
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H