On September 21, 2021, VMware disclosed that
its vCenter Server is affected by an arbitrary file upload
vulnerability—CVE-2021-22005—in the Analytics service. A malicious cyber actor
with network access to port 443 can exploit this vulnerability to execute code
on vCenter Server.
On September 24, 2021, VMware confirmed reports
that CVE-2021-22005 is being exploited in the wild. Security researchers are
also reporting mass scanning for vulnerable vCenter Servers and publicly
available exploit code. Due to the availability of exploit code, CISA expects
widespread exploitation of this vulnerability.
To mitigate CVE-2021-22005, CISA strongly urges
critical infrastructure entities and other organizations with affected vCenter
Server versions to take the following actions.