CVE-2021-22017: 
vSphere vCenter Server vulnerability analysis and mitigation

CVE-2021-22017 is a vulnerability in the Rhttproxy component of VMware vCenter Server, discovered and disclosed in September 2021. The vulnerability stems from improper implementation of URI normalization in the proxy service. This security flaw affects vCenter Server versions 6.5 and 6.7, but notably does not affect version 7.0 (VMware Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.3 (Important severity) by VMware. The technical root cause lies in the improper implementation of URI normalization in the Rhttproxy component, which could allow unauthorized access to internal endpoints. The vulnerability specifically affects port 443 on vCenter Server installations (NVD).

When successfully exploited, this vulnerability allows a malicious actor with network access to port 443 on vCenter Server to bypass proxy protections, potentially leading to unauthorized access to internal endpoints. This could compromise the security boundaries intended to be enforced by the proxy (VMware Advisory).

VMware has released patches to address this vulnerability. For vCenter Server 6.7, the fix is included in version 6.7 U3o, and for version 6.5, the fix is available in version 6.5 U3q. No workarounds are available, making patch installation the only effective mitigation strategy (VMware Advisory).

Security researchers and threat intelligence companies have actively monitored and reported on this vulnerability. GreyNoise has observed attacks combining this vulnerability with CVE-2021-22005, indicating significant attention from threat actors (SecurityWeek).