VMware vCenter Server Appliance Service Lifecycle Manager Incorrect Permission Assignment Privilege Escalation Vulnerability

September 22nd, 2021
ZDI-21-1106 ZDI-CAN-13426

CVE ID

CVE-2021-22015

CVSS Score

7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors

VMware

Affected Products

vCenter Server Appliance

Vulnerability Details

This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.

The specific flaw exists within the Service Lifecycle Manager. The issue results from incorrect permissions set on a shell script. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.

Additional Details

VMware has issued an update to correct this vulnerability. More details can be found at:
https://www.vmware.com/security/advisories/VMSA-2021-0020.html

Disclosure Timeline

  • 2021-05-18 - Vulnerability reported to vendor
  • 2021-09-22 - Coordinated public release of advisory

Credit

Sergey Gerasimov of Solidlab

Back to Advisories