CISA, VMware warn of active exploitation of high-severity vulnerability CVE-2021-22005
Posted by: GuidePoint Security
Published 10/07/21, 9:00am
Threat actors are taking advantage of a widely available exploit for a remote code execution vulnerability tracked as CVE-2021-22005. VMware disclosed the bug on 9/21, followed by a second disclosure on 9/24 that the bug was being exploited in the wild. Organizations are advised to patch impacted servers immediately, as the bug has a Common Vulnerability Scoring System (CVSS) rating of 9.8, indicating high severity.
The impacted product is VMware vCenter Server, specifically versions 6.5, 6.7, and 7.0. VMware advises that regardless of configuration settings, the vulnerability is exploitable by anyone who “can reach vCenter Server over the network to gain access.”
The Cybersecurity and Infrastructure Security Agency (CISA) has also issued a warning advising affected organizations to patch systems immediately or apply VMware’s temporary workaround.
Next Steps
Affected VMware users are being advised to update to vCenter Server version 7.0 immediately. If the update is delayed, organizations are advised to apply a temporary workaround involving an update to the “/etc/vmware-analytics/ph-web.xml” file and a restart of the vmware-analytics service.