Highlights and Updates

VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit

Monday, 27th September 2021

On September 21, 2021,VMware disclosed that its vCenter Server is affected by an arbitrary file upload vulnerability—CVE-2021-22005—in the Analytics service. A malicious cyberactor with network access to port 443 can exploit this vulnerability to execute code on vCenter Server.

On September 24, 2021,VMware confirmed reports that CVE-2021-22005 is being exploited in the wild. Security researchers are also reporting mass scanning for vulnerable vCenter Servers and publicly available exploit code. Due to the availability of exploit code, CISA expects widespread exploitation of this vulnerability.

To mitigateCVE-2021-22005, we strongly urge critical infrastructure entities and other organizations with affected vCenter Server versions to take the following actions.