#VU56802 Path traversal in vCenter Server - CVE-2021-22013

Cybersecurity Help s.r.o.

Published: 2021-09-21

Vulnerability identifier: #VU56802

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-22013

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
vCenter Server
Server applications / Virtualization software

Vendor: VMware, Inc

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the appliance management API. A remote non-authenticated attacker can send a specially crafted HTTP request to port 443/TCP and read arbitrary files on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

vCenter Server: 6.5 U1 - 6.5.0

External links
https://www.vmware.com/security/advisories/VMSA-2021-0020.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC PowerProtect DP Series (Integrated Data Protection Appliance)

Dell EMC Enterprise Hybrid Cloud update for VMware products

Multiple vulnerabilities in Dell EMC VxRail Appliance

Multiple vulnerabilities in VMware vCenter Server