PT-2021-4147 · VMware · vCenter Server

Author: George Noseevich (+2)

Published: 2021-09-21 · Updated: 2026-02-07

CVE-2021-22005

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: VMware vCenter Server versions prior to the fixed version
Description: The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. Thousands of potentially vulnerable servers are exposed to the Internet and are at risk of attack. The issue has been exploited in real-world incidents, including an attack on the European retail giant MediaMarkt that resulted in a ransom demand of $240 million and disrupted IT systems and store operations.
Recommendations: For versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the Analytics service and to port 443 to minimize the risk of exploitation. Additionally, follow best practices such as regularly updating software, exercising caution when using online conferencing applications, and not attempting to hide data breaches, to reduce the risk of cyber incidents.

Tags: Exploit · Fix · Path traversal · RCE

Weakness Enumeration

Related Identifiers

BDU:2021-04740
CVE-2021-22005

Affected Products

VMware vCenter
vCenter Server