PT-2021-4317 · VMware · VMware vSphere Life-Cycle Manager

Sergey Gerasimov · Published 2021-09-22 · Updated 2021-09-30 · CVE-2021-22018

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

VMware vCenter Server versions (affected versions not specified)

Description

The issue is related to errors in privilege management in the VMware vSphere Life-cycle Manager module of the VMware vCenter Server virtual infrastructure management tool, which is part of the VMware Cloud Foundation virtualization platform. This can allow a remote attacker to delete arbitrary files. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non-critical files.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2021-04926
CVE-2021-22018
ZDI-21-1105

Affected Products

VMware vCenter
VMware Cloud Foundation
VMware vCenter Server
VMware vSphere Life-Cycle Manager