CIO Influence
Automation CIO Influence News

Pentera Finds Two Zero-Day Vulnerabilities in VMWare vCenter, Exposing More Than 500,000 Companies Globally

Pentera Finds Two Zero-Day Vulnerabilities in VMWare vCenter, Exposing More Than 500,000 Companies Globally

Combining Two Reported Zero-Day Vulnerabilities CVE-2021-22015 and newfound CVE-2022-22948 Could Result in Remote Takeover of Critical ESXi Managed Environments

Pentera, the leader in Automated Security Validation (ASV), announced its Pentera Labs team discovered two zero-day vulnerabilities. If exploited by threat actors, the critical attack path may result in the ability to disable, disrupt and destroy VMware vCenter managed environments in over 500,000 organizations globally.

The vulnerabilities were reported to VMware by Senior Security Researcher Yuval Lazar and released under CVE-2022-22948 and CVE-2021-22015 with a patch. Pentera Labs’ technical review of the vulnerabilities can be found hereDiscovered vulnerabilities require immediate patching to prevent malicious actors from achieving remote access to vCenter and inflicting widespread damage on organizations.

Top iTechnology Cloud News: Data Theorem Provides Security Notifications for Modern Cloud Applications Running on AWS Security Hub

Installed in thousands of organizations worldwide and managing some of their most critical asset and core systems, VMware vCenter Servers are a high-priority target for cybercriminals. Once compromised, the ease and convenience that vCenter offers for managing virtualized hosts in enterprise environments will play into the adversary’s hands, providing centralized access and widespread Impact.

“As part of our daily work, we research the entire enterprise IT attack surfaces, including the exploitability of virtual workload environments such as vCenter and ESXi and discovered zero-day vulnerabilities,” said Alex Spivakovsky, VP of Research at Pentera. “We’re glad to have discovered and immediately disclosed these vulnerabilities to strengthen the defender community and have not seen evidence that malicious actors exploited it at this time.”

Top iTechnology IOT News: Checkit Announces IoT Partnership With Norwegian Tech Company Disruptive Technologies to Integrate World’s Smallest Sensors Into Smart Buildings

Pentera Labs discovered two vulnerabilities in VMWare’s vCenter that, if combined into a single attack vector, would allow malicious actors to take over an organization’s ESXi virtual computing infrastructure.

  • CVE-2021-22015: The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.
  • CVE-2022-22948: The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

Pentera’s interest in VMWare’s vCenter started because of previously reported vulnerabilities, increasing demand from customers and threats observed in the wild, most notably recent reports of a python ransomware strain targeting ESXi. The team will continue to identify potential vulnerabilities within the platform that could affect businesses globally.

“Security readiness is not determined by a single vulnerability or the security team’s ability to discover and patch it,” said Pentera co-founder and CTO, Dr. Arik Liberzon. “Our award-winning security validation platform autonomously emulates the entire cyberattack kill chain and provides peace of mind for security leaders facing a multitude of internal and external attacks.”

Top iTechnology Analytics News: Millennium Corp Unlocks the Power of Infused Analytics With Sisense, Bolstering Accountability Across Its Businesses

[To share your insights with us, please write to]

Related posts

Zixi and Verizon Business Team to Offer Next-Generation 5G M&E Workflows

PR Newswire

Communication Technology Services and Druid Software partner for 5G and 4G private wireless networks for the enterprise

CIO Influence News Desk

Atera and Cynet Announce Cybersecurity Alliance to Maximize MSP Margins

Business Wire

Leave a Comment