PT-2021-4311 · Vmware · Vcenter Server Appliance +1

George Noseevich +3 · Published 2021-09-22 · Updated 2023-02-03 · CVE-2021-22015

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

vCenter Server Appliance (affected versions not specified)

Description

The vCenter Server contains multiple local privilege escalation issues due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance. The vulnerability is related to insecure management of privileges.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Files Accessible to External Parties

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2021-04920
CVE-2021-22015
ZDI-21-1106
ZDI-21-1108

Affected Products

Vmware Vcenter
Vcenter Server Appliance