CVE-2021-22017: Rhttproxy in vCenter Server contains a URI normalization vulnerability allowing network attackers to bypass the proxy and access internal endpoints.


Description

The Rhttproxy component of VMware vCenter Server is the reverse proxy that terminates HTTPS on port 443 and routes requests to the server's backend services. It does not properly normalize request URIs before applying its routing rules, so the path the proxy checks and the path the backend ultimately serves can differ. A malicious actor with network access to port 443 on vCenter Server can use this to bypass the proxy and reach internal endpoints that are meant to be unreachable from the network; no credentials are required. VMware rates the issue Important (CVSSv3 base score 7.3).

Overview

CVE-2021-22017 affects the Rhttproxy component of VMware vCenter Server, which fails to normalize URIs before deciding where, and whether, to forward them. An attacker who can reach the vCenter Server HTTPS port (443) can craft requests whose raw path satisfies the proxy's routing rules but whose normalized form resolves to an internal endpoint, so the request is forwarded to a service that the proxy was supposed to keep off the network. Although VMware rates the vulnerability Important rather than Critical, vCenter Server is the central management plane for a VMware virtualization environment, and unauthenticated access to its internal endpoints is a meaningful step toward compromising the hosts and virtual machines it manages.

Remediation

To address this vulnerability, organizations should:

  1. Apply the patches provided by VMware as detailed in the VMSA-2021-0020 security advisory, which covers vCenter Server 6.5, 6.7 and 7.0 and the vCenter components of VMware Cloud Foundation. Patching is the fix; the network controls below reduce exposure but do not remove the vulnerability.
  2. Ensure vCenter Server is not directly exposed to untrusted networks, and in particular that port 443 is not reachable from the internet.
  3. Implement network segmentation so that only administrative hosts and jump systems can reach vCenter Server management interfaces.
  4. Monitor logs for suspicious access attempts to vCenter Server, especially requests whose path contains traversal or percent-encoded sequences (for example `..`, `%2e`, doubled slashes or double-encoded characters) that resolve to endpoints not normally requested from the network.
  5. Follow VMware's recommended security configurations for vCenter Server deployments.
  6. Consider additional network security controls such as a web application firewall or intrusion prevention system in front of vCenter Server; note that such a control only helps against this bug class if it normalizes the request path the same way the backend does before applying its rules.
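The overview describes the bug class behind this CVE (the proxy applies its routing rules to a raw path and the backend interprets a different, normalized one), and remediation step 4 asks for log monitoring. The following added example illustrates both in one place. It is a generic illustration written for this page, not rhttproxy's code or VMware's: the routing table, the `/internal` endpoint name, the request paths and the log lines are all constructed for the example and are not a known payload against vCenter Server.

```python
"""Reverse-proxy URI normalization: a vulnerable router next to a hardened
one, and a check over access-log lines.

Added, generic illustration of the bug class behind CVE-2021-22017. It is
not rhttproxy's code; the routing table, endpoint names and request paths
are constructed for the example and are not a known payload against vCenter."""

import posixpath
import re
from urllib.parse import unquote

# Hypothetical routing table for a proxy fronting port 443.
PUBLIC_PREFIXES = ("/ui", "/sdk", "/rest")      # reachable from the network
INTERNAL_PREFIXES = ("/internal",)              # localhost-only backends (assumed name)


def _under(path: str, prefix: str) -> bool:
    """True if path is the prefix itself or lies beneath it."""
    return path == prefix or path.startswith(prefix + "/")


def normalize_path(raw_target: str) -> str:
    """Canonicalise a request-target the way a backend will interpret it:
    strip the query, percent-decode until stable (catches double encoding),
    collapse repeated slashes and resolve '.' and '..' segments."""
    path = raw_target.split("?", 1)[0]
    for _ in range(3):                  # bounded: decode at most three layers
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = "/" + path.lstrip("/")       # also removes the '//' prefix normpath would keep
    return posixpath.normpath(path)     # '/ui/../internal/x' -> '/internal/x'


def route_vulnerable(raw_target: str) -> str:
    """Checks the ACL on the raw path, then forwards; the backend normalizes.
    Anything that only becomes internal after normalization slips through."""
    path = raw_target.split("?", 1)[0]
    if any(_under(path, p) for p in INTERNAL_PREFIXES):
        return "deny"
    if any(_under(path, p) for p in PUBLIC_PREFIXES):
        return "forward:" + normalize_path(raw_target)  # what the backend sees
    return "deny"


def route_hardened(raw_target: str) -> str:
    """Normalize first, deny internal prefixes before allowing public ones,
    and forward the canonical path so proxy and backend agree on it."""
    path = normalize_path(raw_target)
    if any(_under(path, p) for p in INTERNAL_PREFIXES):
        return "deny"
    if any(_under(path, p) for p in PUBLIC_PREFIXES):
        return "forward:" + path
    return "deny"


# Constructed access-log lines (not real vCenter logs) in a common-log-like
# shape: client, "method request-target protocol", status.
SAMPLE_LOG = """\
203.0.113.7 "GET /ui/login HTTP/1.1" 200
203.0.113.7 "GET /ui/../internal/config HTTP/1.1" 200
198.51.100.2 "GET /sdk/%252e%252e/internal/status HTTP/1.1" 200
198.51.100.2 "GET /rest/vcenter/vm HTTP/1.1" 401
192.0.2.9 "GET /internal/config HTTP/1.1" 403
"""

_LOG_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3})$')


def suspicious_requests(log_text: str) -> list:
    """Return (client, raw_target, normalized) for requests whose raw path is
    not under an internal prefix but whose normalized path is: the signature
    of a normalization-bypass attempt, whatever the response code was."""
    hits = []
    for line in log_text.splitlines():
        m = _LOG_RE.match(line)
        if not m:
            continue                    # skip lines that do not fit the assumed shape
        client, _method, target, _status = m.groups()
        raw_path = target.split("?", 1)[0]
        canon = normalize_path(target)
        raw_internal = any(_under(raw_path, p) for p in INTERNAL_PREFIXES)
        canon_internal = any(_under(canon, p) for p in INTERNAL_PREFIXES)
        if canon_internal and not raw_internal:
            hits.append((client, target, canon))
    return hits


if __name__ == "__main__":
    for t in ("/ui/login", "/ui/../internal/config", "/sdk/%252e%252e/internal/status"):
        print(f"{t:40} vulnerable={route_vulnerable(t):30} hardened={route_hardened(t)}")
    for hit in suspicious_requests(SAMPLE_LOG):
        print("suspicious:", hit)
```

The detection rule deliberately ignores the status code: a 200 on a traversal-shaped request is the bypass succeeding, a 403 or 404 is an attacker probing, and both are worth an alert. The hardened router also checks the deny list before the allow list, so a path that is simultaneously under a public and an internal prefix can never be forwarded.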

References

  1. VMware Security Advisory VMSA-2021-0020: https://www.vmware.com/security/advisories/VMSA-2021-0020.html
  2. VMware Knowledge Base articles referenced in VMSA-2021-0020 for patch details
  3. CVE-2021-22017 in the National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2021-22017

Industry Exposure (most to least affected)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Health Care & Social Assistance
  3. Professional, Scientific, & Technical Services
  4. Arts, Entertainment & Recreation
  5. Retail Trade
  6. Wholesale Trade
  7. Accommodation & Food Services
  8. Administrative, Support, Waste Management & Remediation Services
  9. Agriculture, Forestry, Fishing & Hunting
  10. Construction
  11. Educational Services
  12. Finance and Insurance
  13. Information
  14. Management of Companies & Enterprises
  15. Mining
  16. Other Services (except Public Administration)
  17. Public Administration
  18. Real Estate Rental & Leasing
  19. Transportation & Warehousing
  20. Utilities
