CVE-2021-22015
VMware vCenter Server Appliance Incorrect Permission Assignment Privilege Escalation Vulnerability
Public Exploits: 2
Exploited in Wild: -
Descriptions
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.
This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the permissions of root-owned service files. The product sets incorrect permissions on sensitive files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
SSVC
- Decision: -
Timeline
- 2021-01-04 CVE Reserved
- 2021-09-22 CVE Published
- 2023-05-09 First Exploit
- 2024-02-23 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-552: Files or Directories Accessible to External Parties
References (3)
URL | Date | SRC |
---|---|---|
https://github.com/PenteraIO/vScalation-CVE-2021-22015 | 2023-05-09 | |
http://packetstormsecurity.com/files/170116/VMware-vCenter-vScalation-Privilege-Escalation.html | 2024-08-03 | |
https://www.vmware.com/security/advisories/VMSA-2021-0020.html | 2023-02-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
VMware | Cloud Foundation | >= 3.0 < 5.0 | - | Affected |
VMware | vCenter Server | 6.5 | - | Affected |
VMware | vCenter Server | 6.7 | - | Affected |
VMware | vCenter Server | 7.0 | - | Affected |