Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
This vCenter vulnerability is well known and requires network access to port 443 on a vCenter server. An unauthenticated attacker can leverage public exploit code to gain complete control of a device or escalate privileges to spread malware, such as ransomware, across the network.
Kill Chain
Risk Score
83
VMware vCenter Server enables the management of virtual environments for Windows and Linux hosts. The Analytics service in vCenter has a vulnerability that allows an unauthenticated attacker to bypass a proxy and access restricted endpoints on port 443. The attacker sends unauthenticated web requests where the URI contains a path traversal fragment (such as ../ or %252E%252E%252F), the restricted endpoint path (/analytics/ph/api/dataapp/agent), and a malicious web shell (1). The vulnerable vCenter sends a response to indicate that the malicious POST request was accepted (2). The attacker can now run commands on the compromised server by making additional requests to the web shell on the server.
