{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2021-065.pdf"
    },
    "title": "Vulnerabilities in VMware Products",
    "serial_number": "2021-065",
    "publish_date": "25-11-2021 08:55:00",
    "description": "On November 23, VMware released the VMSA-2021-0027 advisory that addresses two vulnerabilities in vCenter Server and Cloud Foundation. An attacker could exploit these vulnerabilities to read sensitive files (\"CVE-2021-21980\" - unauthorised arbitrary file read vulnerability) or to induce the server to make connections to arbitrary destinations (\"CVE-2021-22049\" - SSRF vulnerability).",
    "url_title": "2021-065",
    "content_markdown": "---\ntitle: 'Vulnerabilities in\u00a0VMware\u00a0Products'\nversion: '1.0'\nnumber: '2021-065'\ndate: 'November 25, 2021'\n---\n\n_History:_\n\n* _25/11/2021 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn November 23, VMware released the VMSA-2021-0027 advisory [1] that addresses two vulnerabilities in vCenter Server and Cloud Foundation. An attacker could exploit these vulnerabilities to read sensitive files (`CVE-2021-21980` - unauthorised arbitrary file read vulnerability) or to induce the server to make connections to arbitrary destinations (`CVE-2021-22049` - SSRF vulnerability).\n\n# Technical Details\n\nThe vulnerability `CVE-2021-21980` (CVSSv3 score of 7.5 out of 10) could allow a remote attacker with network access to port 443 on vCenter Server to read files on the server that they are not authorised to access, and thereby gain access to sensitive information.\n\nThe vulnerability `CVE-2021-22049` (CVSSv3 score of 6.5 out of 10) is a server-side request forgery (SSRF): a remote attacker with network access to port 443 on vCenter Server could send specially crafted HTTP requests that cause the server to connect to destinations of the attacker's choosing, allowing the attacker to read or modify internal resources that the target server has access to and resulting in the unauthorised exposure of information [2].\n\n# Affected Products\n\nThe `CVE-2021-21980` and `CVE-2021-22049` vulnerabilities impact the following versions [1]:\n\n- VMware vCenter Server versions 6.5 and 6.7\n- VMware Cloud Foundation version 3.x (the patch is pending)\n\n# Recommendations\n\nVMware and CERT-EU recommend installing the relevant updates as soon as possible and monitoring for the release of the patch for the VMware Cloud Foundation product.\n\n# References\n\n[1] <https://www.vmware.com/security/advisories/VMSA-2021-0027.html>\n\n[2] <https://portswigger.net/web-security/ssrf>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>25/11/2021 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On November 23, VMware released the VMSA-2021-0027 advisory [1] that addresses two vulnerabilities in vCenter Server and Cloud Foundation. An attacker could exploit these vulnerabilities to read sensitive files (<code>CVE-2021-21980</code> - unauthorised arbitrary file read vulnerability) or to induce the server to make connections to arbitrary destinations (<code>CVE-2021-22049</code> - SSRF vulnerability).</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <code>CVE-2021-21980</code> (CVSSv3 score of 7.5 out of 10) could allow a remote attacker with network access to port 443 on vCenter Server to read files on the server that they are not authorised to access, and thereby gain access to sensitive information.</p><p>The vulnerability <code>CVE-2021-22049</code> (CVSSv3 score of 6.5 out of 10) is a server-side request forgery (SSRF): a remote attacker with network access to port 443 on vCenter Server could send specially crafted HTTP requests that cause the server to connect to destinations of the attacker's choosing, allowing the attacker to read or modify internal resources that the target server has access to and resulting in the unauthorised exposure of information [2].</p><h2 id=\"affected-products\">Affected Products</h2><p>The <code>CVE-2021-21980</code> and <code>CVE-2021-22049</code> vulnerabilities impact the following versions [1]:</p><ul><li>VMware vCenter Server versions 6.5 and 6.7</li><li>VMware Cloud Foundation version 3.x (the patch is pending)</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>VMware and CERT-EU recommend installing the relevant updates as soon as possible and monitoring for the release of the patch for the VMware Cloud Foundation product.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.vmware.com/security/advisories/VMSA-2021-0027.html\">https://www.vmware.com/security/advisories/VMSA-2021-0027.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://portswigger.net/web-security/ssrf\">https://portswigger.net/web-security/ssrf</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}