Severity
High
Analysis Summary
CVE-2021-21991
VMware vCenter Server and Cloud Foundation could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of session tokens. An attacker could exploit this vulnerability to escalate privileges to Administrator on the vSphere Client.
CVE-2021-21992
VMware vCenter Server and Cloud Foundation are vulnerable to a denial of service, caused by improper XML entity parsing. A remote authenticated attacker could exploit this vulnerability to cause a denial of service on the vCenter Server host.
CVE-2021-21993
VMware vCenter Server and Cloud Foundation are vulnerable to server-side request forgery, caused by improper validation of URLs in vCenter Server Content Library. By sending a specially-crafted POST request, a remote authenticated attacker could exploit this to obtain sensitive information.
CVE-2021-22005
VMware vCenter Server and Cloud Foundation could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the Analytics service. A remote attacker could exploit this vulnerability to upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
CVE-2021-22007
VMware vCenter Server and Cloud Foundation could allow a local authenticated attacker to obtain sensitive information, caused by an error in the Analytics service. An attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-22008
VMware vCenter Server could allow a remote attacker to obtain sensitive information. By sending a specially crafted jsonrpc message, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-22009
VMware vCenter Server and Cloud Foundation are vulnerable to a denial of service, caused by an error in VAPI (vCenter API) service. A remote attacker could exploit this vulnerability to consume excessive memory resources.
CVE-2021-22010
VMware vCenter Server and Cloud Foundation are vulnerable to a denial of service, caused by an error in VPXD (Virtual Provisioning X Daemon) service. A remote attacker could exploit this vulnerability to consume excessive memory resources.
CVE-2021-22011
VMware vCenter Server and Cloud Foundation could allow a remote attacker to bypass security restrictions, caused by an unauthenticated API endpoint vulnerability. An attacker could exploit this vulnerability to manipulate VM network settings.
CVE-2021-22012
VMware vCenter Server could allow a remote attacker to obtain sensitive information, caused by an unauthenticated API information disclosure vulnerability. An attacker could exploit this vulnerability to gain access to sensitive information.
CVE-2021-22013
VMware vCenter Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the appliance management API containing directory traversal sequences to gain access to sensitive information.
CVE-2021-22014
VMware vCenter Server and Cloud Foundation could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an error in VAMI (Virtual Appliance Management Infrastructure). An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-22015
VMware vCenter Server and Cloud Foundation could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper permissions of files and directories. An attacker could exploit this vulnerability to elevate their privileges to root on vCenter Server Appliance.
CVE-2021-22016
VMware vCenter Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2021-22017
Rhttproxy as used in VMware vCenter Server and Cloud Foundation could allow a remote attacker to bypass security restrictions, caused by the improper implementation of URI normalization. An attacker could exploit this vulnerability to bypass the proxy, leading to internal endpoints being accessed.
CVE-2021-22019
VMware vCenter Server and Cloud Foundation are vulnerable to a denial of service, caused by an error in VAPI (vCenter API) service. A remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2021-22020
VMware vCenter Server and Cloud Foundation are vulnerable to a denial of service, caused by an error in the Analytics service. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Privilege Escalation
- Denial of Service
- Unauthorized Access
- Information Disclosure
- Security Bypass
- Code Execution
- Cross-Site Scripting
Affected Vendors
- VMware
Affected Products
- VMware vCenter Server 6.5
- VMware vCenter Server 6.7
- VMware vCenter Server 7.0
- VMware Cloud Foundation (vCenter) 3.0
- VMware Cloud Foundation (vCenter) 4.0
Remediation
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.