HC3 Alert: VMWare Discloses Numerous Vulnerabilities Posing Active Threat to Healthcare and Public Health Sector

On September 21, 2021, VMware disclosed numerous vulnerabilities affecting their vCenter Server and Cloud Foundation products, some of which could be exploited for the deployment of ransomware or other malicious activity. Working exploits have already been detected and additional exploits are highly likely to become available soon. VMware recommends that customers install available updates, patches, or workarounds immediately to mitigate these vulnerabilities in affected VMware products.

Report

On September 21, 2021, VMware disclosed nineteen (19) vulnerabilities affecting their vCenter Server and Cloud Foundation products. Security researchers are particularly concerned about CVE-2021-22005, which was given a CVSSv3 severity rating of 9.8/10 and which could enable a threat actor with network access to port 443 on vCenter Server to upload a malicious file and exploit an unpatched server. Researchers are particularly concerned that this vulnerability (CVE-2021-22005) could be exploited to deploy ransomware on a target organization’s network. According to VMware, updates are available to remediate these vulnerabilities in the affected VMware products.

VMWare vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware Cloud Foundation provides a complete set of software-defined services for compute, storage, networking, security and cloud management to run enterprise apps—traditional or containerized —in private or public environments.

View the entire HC3 Sector Alert below.