The Information Highway


Exploits imminent for critical VMware vCenter CVE-2021-22005 bug

Exploit code that could be used to achieve remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 is currently spreading online.

Publicly disclosed earlier this week when VMware also addressed it, the bug comes with a critical severity rating of 9.8 and a strong recommendation to install the available patch.

Technical notes available

The vulnerability affects machines running vCenter Server versions 6.5, 6.7, and 7.0. Given the severity of the issue, VMware urges administrators to act immediately and assume that an adversary is already on the network, ready to take advantage.

Earlier today, Vietnamese security researcher Jang published technical notes for CVE-2021-22005 based on the workaround and the patch from VMware.

The details are enough for experienced developers to create a working exploit that allows remote code execution with root privileges, the researcher told us.

At the end of the post, Jang also provides a GitHub link to his PoC version for CVE-2021-22005. It is intentionally not a fully functional variant, to prevent less skilled threat actors from using it directly in attacks.

The researcher told us that as it is now, the code can do nothing because its completion status is around 90% and it is missing the important part.

An adversary would have to put in some effort to turn it into a full-fledged exploit, but they should be able to create one that is 100% reliable.

Penetration tester and Synack Envoy Nicolas Krassas tested the code and confirmed that it needs some modifications to work properly. But it does prove that CVE-2021-22005 can be used to create a backdoor on a vulnerable system.

Attacks expected soon

Jang built a fully functional exploit and tested it in a controlled environment. He said that it works just fine, obtaining remote code execution before detection can catch it.

Threat actors showed interest in this vulnerability shortly after its disclosure. Just hours after a patch became available, threat intelligence company Bad Packets saw scanning activity targeting CVE-2021-22005.

 
