// For flags

CVE-2021-22018

VMware vCenter Server Appliance Update Manager Directory Traversal Arbitrary File Deletion Vulnerability

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files.

vCenter Server contiene una vulnerabilidad de eliminación arbitraria de archivos en un complemento de VMware vSphere Life-cycle Manager. Un actor malicioso con acceso de red al puerto 9087 en vCenter Server puede explotar este problema para eliminar archivos no críticos

This vulnerability allows remote attackers to delete arbitrary files on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Update Manager. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of the service account.

*Credits: Sergey Gerasimov of Solidlab
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-04 CVE Reserved
  • 2021-09-22 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-10-26 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
https://www.vmware.com/security/advisories/VMSA-2021-0020.html 2021-09-30
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
 Cloud Foundation
Search vendor "Vmware" for product "Cloud Foundation"
 >= 4.0 < 4.3.1
Search vendor "Vmware" for product "Cloud Foundation" and version " >= 4.0 < 4.3.1"
-
Affected
Vmware
Search vendor "Vmware"
 Vcenter Server
Search vendor "Vmware" for product "Vcenter Server"
 7.0
Search vendor "Vmware" for product "Vcenter Server" and version "7.0"
-
Affected