CVE-2021-22018: 
vSphere vCenter Server vulnerability analysis and mitigation

CVE-2021-22018 is an arbitrary file deletion vulnerability discovered in the VMware vSphere Life-cycle Manager plug-in component of vCenter Server. The vulnerability was disclosed on September 21, 2021, and affects VMware vCenter Server 7.0 and VMware Cloud Foundation 4.x versions. VMware has evaluated this vulnerability with a CVSSv3 base score of 6.5, categorizing it as moderate severity (VMware Advisory, NVD).

The vulnerability exists in the VMware vSphere Life-cycle Manager plug-in and specifically affects port 9087 on vCenter Server. It has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. The vulnerability stems from improper validation of user input that could lead to arbitrary file deletion operations (ZDI Advisory).

When exploited, this vulnerability allows attackers to delete non-critical files on the affected vCenter Server systems. The impact is limited to file deletion capabilities, with no ability to execute code or access sensitive information (VMware Advisory).

VMware has released patches to address this vulnerability. For vCenter Server 7.0, users should upgrade to version 7.0 U2d. For VMware Cloud Foundation 4.x, users should upgrade to version 4.3.1. No workarounds are available for this vulnerability, making patching the only effective mitigation strategy (VMware Advisory).