First published: Thu Sep 23 2021
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non-critical files.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware Cloud Foundation | >=4.0, <4.3.1 | |
VMware vCenter Server | =7.0 | |
CVE-2021-22018 is an arbitrary file deletion vulnerability in the vCenter Server, specifically in a VMware vSphere Life-cycle Manager plug-in.
A malicious actor with network access to port 9087 on the vCenter Server can exploit this vulnerability to delete non-critical files.
CVE-2021-22018 has a severity rating of 6.5, which is classified as medium.
VMware Cloud Foundation versions 4.0 up to, but not including, 4.3.1 and VMware vCenter Server version 7.0 are affected by CVE-2021-22018.
VMware has released a security advisory (VMSA-2021-0020) with remediation steps. Refer to the advisory for detailed instructions.