DESCRIPTION:
Multiple vulnerabilities (CVE-2021-21991 through CVE-2021-21993 and CVE-2021-22005 through CVE-2021-22020) exist in VMware vCenter that could allow arbitrary code execution. A malicious actor with network access to a specific port on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
AFFECTED RELEASES:
vCenter Server 6.5 prior to 6.5 U3q
vCenter Server 6.7 prior to 6.7 U3o
vCenter Server 7.0 prior to 7.0 U2d
Cloud Foundation (vCenter Server) 3.0 prior to 3.10.2.2
Cloud Foundation (vCenter Server) 4.0 prior to 4.3.1
SOLUTION:
Users and system administrators of affected products are advised to immediately apply the security updates available from the following URL:
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
REFERENCE:
1. https://www.vmware.com/security/advisories/VMSA-2021-0020.html
2. https://thehackernews.com/2021/09/vmware-warns-of-critical-file-upload.html