Report DIVD-2021-00036-vCenter Server Arbitrary File Read Vulnerability
Written on 19 Feb 2022 by Gerard Janssen
Case lead: Matthijs Koot
Researchers: Lennaert Oudshoorn, Victor Gevers
Case file: DIVD-2021-00036
On November 23, 2021, VMware released security updates for vCenter Server that address several vulnerabilities. VMware vCenter Server is a centralized management utility used to manage multiple virtual machines from a single location (see also DIVD-2021-00010). Researchers found that VMware vCenter Server versions 6.5 or 6.7 and Cloud Foundation 3.x are vulnerable because of an arbitrary file read, a server-side request forgery (SSRF) and a cross-site scripting (XSS) vulnerability. Unauthenticated malicious actors could exploit these vulnerabilities to gain access to sensitive information.
On December 3, 2021, DIVD started scanning for these versions and notified system administrators to upgrade VMware vCenter Server to the latest version as soon as possible.
Timeline
| Date | Description |
|---|---|
| 23-11-2021 | VMware publishes security updates for vCenter Server and releases a patch. |
| 24-11-2021 | The US Cybersecurity and Infrastructure Security Agency (CISA) publishes a security advisory. |
| 03-12-2021 | Proof-of-concept code becomes publicly available. DIVD starts scanning for CVE-2021-21980 and detects 82 vulnerable systems worldwide. |
| 05-12-2021 | DIVD CSIRT sends mail to the owners of the vulnerable systems. |
| 12-01-2021 | DIVD scans the internet again and finds 4 vulnerable hosts. Case closed. |