VMware patches Critical vCenter Server vulnerability (CVE-2021-22005) exploited in the wild

VMware issued a security advisory and patches for multiple vulnerabilities that impact VMware vCenter Server. One of those fixed issues is a Critical vulnerability exploited in the wild.

An attacker could exploit these vulnerabilities and potentially take over impacted systems.

The VMware vCenter Server updates address a Critical upload vulnerability (CVE-2021-22005) in the Analytics service.

“A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file,” VMware warned in the advisory.

Moreover, VMware “has confirmed reports that CVE-2021-22005 is being exploited in the wild.”

The CVSSv3 base score is rated 9.8.

Other vCenter vulnerabilities

VMware also patched multiple other High severity vulnerabilities (by CVSS score), including:

  • CVE-2021-21991: vCenter Server local privilege escalation vulnerability
  • CVE-2021-22011: vCenter Server unauthenticated API endpoint vulnerability
  • CVE-2021-22015: vCenter Server improper permission local privilege escalation vulnerabilities
  • CVE-2021-22012: vCenter Server unauthenticated API information disclosure vulnerability
  • CVE-2021-22017: vCenter Server rhttpproxy bypass vulnerability
  • CVE-2021-22014: vCenter Server authenticated code execution vulnerability
  • CVE-2021-22018: vCenter Server file deletion vulnerability.

The CVSSv3 base scores range from 7.0 to 8.8.

In addition, VMware fixed multiple Medium severity vulnerabilities (with CVSS scores of 4.3 to 6.7).

Readers may recall that just this past June, security researchers discovered thousands of vulnerable, unpatched VMware vCenter servers exposed on the internet. Multiple proof-of-concept (PoC) exploits for a remote code execution vulnerability were also posted online at the time.

This further reinforces the urgency to patch impacted systems as soon as possible.
