CVE-2021-22014high
Description
The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter Server may exploit this issue to execute code on the underlying operating system that hosts vCenter Server.
References
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
Details
Source: MITRE
Published: 2021-09-23
Updated: 2021-09-27
Type: NVD-CWE-noinfo
Risk Information
CVSS v2
Base Score: 9
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8
Severity: HIGH
CVSS v3
Base Score: 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.2
Severity: HIGH