A Critical Security Flaw Found on all VMware vCenter Servers

28 May 2021 [NO.TCSA : 20210528-1-1-P]


A critical remote code execution bug was found in VMware vCenter Server 6.5, 6.7, and 7.0, according to VMware's security advisory. The vulnerability, rated with a CVSSv3 base score of 9.8 out of 10, is being tracked as CVE-2021-21985.

The issue exists in the Virtual SAN Health Check plug-in of the vSphere Client (HTML5), which is enabled by default in all vCenter Server deployments, whether or not vSAN is being used. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

VMware further stated that in this era of ransomware, it is safest to assume that an attacker is already inside the network somewhere, on a desktop, and perhaps even in control of a user account, which is why VMware strongly recommends declaring an emergency change and patching as soon as possible.

Affected Versions

  • vCenter Server 6.5
  • vCenter Server 6.7
  • vCenter Server 7.0
  • Cloud Foundation (vCenter Server) 4.x
  • Cloud Foundation (vCenter Server) 3.x

Mitigation

Apply the security updates or apply the workaround described in VMSA-2021-0010.
