The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2021-22005 | VMware vCenter Server File Upload Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This vulnerability is exploited by an adversary who can access the vCenter Server over the network. The adversary uploads a crafted file to the server's analytics service via port 443, exploiting the file upload vulnerability. This results in remote code execution on the host. Threat actors have been observed leveraging this vulnerability, identified as CVE-2021-22005, using code released by security researcher Jang, to gain unauthorized access to vCenter servers.
References
|
| CVE-2021-22005 | VMware vCenter Server File Upload Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This vulnerability is exploited by an adversary who can access the vCenter Server over the network. The adversary uploads a crafted file to the server's analytics service via port 443, exploiting the file upload vulnerability. This results in remote code execution on the host. Threat actors have been observed leveraging this vulnerability, identified as CVE-2021-22005, using code released by security researcher Jang, to gain unauthorized access to vCenter servers.
References
|