Main Vulnerability Database Exploits ID:8646 - Exploit for Incorrect default permissions in vCenter Server - CVE-2021-22015

ID:8646 - Exploit for Incorrect default permissions in vCenter Server - CVE-2021-22015

Published: December 5, 2022

Vulnerability identifier: #VU56804

Vulnerability risk: Low

CVE-ID: CVE-2021-22015

CWE-ID: CWE-276

Exploitation vector: Local access

Vulnerable software:
vCenter Server

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/linux/local/vcenter_java_wrapper_vmon_priv_esc

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the system. A local user with access to the system can escalate privilege to root on vCenter Server Appliance.

Remediation

Install updates from vendor's website.

ID:8646 - Exploit for Incorrect default permissions in vCenter Server - CVE-2021-22015

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human