vScalation (CVE-2021-22015) Local Privilege Escalation in VMware vCenter

8 Pages

Pentera Labs uncovered CVE-2021-22015, a local privilege escalation flaw in VMware vCenter affecting versions 6.5 to 7.0. The issue stems from the java-wrapper-vmon file, which runs with root privileges but was writable by members of the cis group. Attackers gaining shell access as a low-privileged cis user, such as through CVE-2021-21972, could insert malicious code into this file. Restarting vCenter services or the host would then execute the code as root, enabling full compromise, including ransomware deployment or data theft. VMware patched the flaw in September 2021, urging immediate updates as no workarounds exist.

Join for free to read

Ebook CVE-2022-22948: Sensitive Information Disclosure in VMware…

Vendor Sheet Privilege Escalation: Detect, Investigate and Respond to…

White Paper Identify and Mitigate Risks of Privilege Escalation on Windows…

Vendor Sheet PRIVILEGE ESCALATION IN ON-PREMISES VS. CLOUD ENVIRONMENTS

More from Pentera

Ebook CVE-2022-22948: Sensitive Information Disclosure in VMware…

Ebook The Good, Bad and Compromisable Aspects of Linux eBPF

Ebook Blurring Boundaries: Deciphering the Risks of AWS SSM in Hybrid…

Ebook Reflective loading with Remote Memory Interactions: Controlling…

Ebook

vScalation (CVE-2021-22015) Local Privilege Escalation in VMware vCenter

vScalation (CVE-2021-22015) Local Privilege Escalation in VMware vCenter

You Might Also Like

More from Pentera