VMware vCenter Server Appliance Incorrect Permission Assignment Privilege Escalation Vulnerability

September 22nd, 2021
ZDI-21-1108 ZDI-CAN-13634

CVE ID

CVE-2021-22015

CVSS Score

7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors

VMware

Affected Products

vCenter Server Appliance

Vulnerability Details

This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the permissions of root-owned service files. The product sets incorrect permissions on sensitive files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.

Additional Details

VMware has issued an update to correct this vulnerability. More details can be found at:
https://www.vmware.com/security/advisories/VMSA-2021-0020.html

Disclosure Timeline

  • 2021-05-26 - Vulnerability reported to vendor
  • 2021-09-22 - Coordinated public release of advisory

Credit

Sergey Gerasimov and George webpentest Noseevich of SolidLab

Back to Advisories