[Vulnerability Advisory] VMware vCenter Server File Upload Vulnerability (CVE-2021-22005)

Published: 2021-09-23

0x00 Vulnerability Overview

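CVE ID: CVE-2021-22005
Date: 2021-09-21
Type: File upload
Severity: Critical
Remotely exploitable: Yes
Affected scope:
Attack complexity: Low
Availability: High
User interaction: None
Privileges required: None
PoC/EXP: Not public
Exploited in the wild: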


 

0x01 Vulnerability Details

On September 21, 2021, VMware published a security advisory publicly disclosing 19 security vulnerabilities in vCenter Server, with CVSSv3 scores ranging from 4.3 to 9.8.

The most severe of these is an arbitrary file upload vulnerability in vCenter Server (CVE-2021-22005). It resides in the vCenter Server Analytics service and has a CVSSv3 score of 9.8. An attacker with network access to port 443 on vCenter Server can execute code remotely on vCenter Server by uploading a malicious file. The vulnerability can be exploited remotely without authentication, has low attack complexity, and requires no user interaction.

According to Shodan search results, thousands of vCenter Server instances are reachable from the Internet and exposed to attack. Attackers have already been detected scanning for and attacking vulnerable VMware vCenter servers.

In addition to CVE-2021-22005, VMware also fixed 18 other security vulnerabilities in vCenter Server:

- CVE-2021-21991: vCenter Server local privilege escalation vulnerability (CVSSv3 score 8.8)
- CVE-2021-22006: vCenter Server reverse proxy bypass vulnerability (CVSSv3 score 8.3)
- CVE-2021-22011: vCenter Server unauthenticated API endpoint vulnerability (CVSSv3 score 8.1)
- CVE-2021-22015: vCenter Server local privilege escalation vulnerability (CVSSv3 score 7.8)
- CVE-2021-22012: vCenter Server unauthenticated API information disclosure vulnerability (CVSSv3 score 7.5)
- CVE-2021-22013: vCenter Server path traversal vulnerability (CVSSv3 score 7.5)
- CVE-2021-22016: vCenter Server reflected XSS vulnerability (CVSSv3 score 7.5)
- CVE-2021-22017: vCenter Server rhttpproxy bypass vulnerability (CVSSv3 score 7.3)
- CVE-2021-22014: vCenter Server authenticated code execution vulnerability (CVSSv3 score 7.2)
- CVE-2021-22018: vCenter Server file deletion vulnerability (CVSSv3 score 6.5)
- CVE-2021-21992: vCenter Server XML parsing denial-of-service vulnerability (CVSSv3 score 6.5)
- CVE-2021-22007: vCenter Server local information disclosure vulnerability (CVSSv3 score 5.5)
- CVE-2021-22019: vCenter Server denial-of-service vulnerability (CVSSv3 score 5.3)
- CVE-2021-22009: vCenter Server VAPI denial-of-service vulnerability (CVSSv3 score 5.3)
- CVE-2021-22010: vCenter Server VPXD denial-of-service vulnerability (CVSSv3 score 5.3)
- CVE-2021-22008: vCenter Server information disclosure vulnerability (CVSSv3 score 5.3)
- CVE-2021-22020: vCenter Server Analytics service denial-of-service vulnerability (CVSSv3 score 5.0)
- CVE-2021-21993: vCenter Server SSRF vulnerability (CVSSv3 score 4.3)

 

Affected scope

CVE-2021-22005:

VMware vCenter Server 7.0

VMware vCenter Server 6.7

Note: CVE-2021-22005 affects all vCenter Server 6.7 and 7.0 deployments in their default configuration; it does not affect vCenter Server 6.5. For the affected scope of the other 18 vulnerabilities, see the official VMware advisory.

 

0x02 Remediation Recommendations

VMware has released patches for these vulnerabilities. Affected users are advised to consult the official VMware advisory and upgrade promptly.

Download link:

https://www.vmware.com/security/advisories/VMSA-2021-0020.html

 

0x03 References

https://www.vmware.com/security/advisories/VMSA-2021-0020.html

https://www.bleepingcomputer.com/news/security/hackers-are-scanning-for-vmware-cve-2021-22005-targets-patch-now/

https://threatpost.com/vmware-ransomware-bug-vcenter-server/174901/

 

0x04 Revision History

Version  Date        Changes
V1.0     2021-09-23  Initial release

 

0x05 Document Appendix

CNVD: www.cnvd.org.cn

CNNVD: www.cnnvd.org.cn

CVE: cve.mitre.org

CVSS: www.first.org

NVD: nvd.nist.gov

 
