CVE-2021-22018
VMware vCenter Server Appliance Update Manager Directory Traversal Arbitrary File Deletion Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.
vCenter Server contiene una vulnerabilidad de eliminación arbitraria de archivos en un complemento de VMware vSphere Life-cycle Manager. Un actor malicioso con acceso de red al puerto 9087 en vCenter Server puede explotar este problema para eliminar archivos no crÃticos
This vulnerability allows remote attackers to delete arbitrary files on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Update Manager. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of the service account.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-09-22 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2021-0020.html | 2021-09-30 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Cloud Foundation Search vendor "Vmware" for product "Cloud Foundation" | >= 4.0 < 4.3.1 Search vendor "Vmware" for product "Cloud Foundation" and version " >= 4.0 < 4.3.1" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 7.0 Search vendor "Vmware" for product "Vcenter Server" and version "7.0" | - |
Affected
|