Two critical* VMware vCenter remote code execution vulnerabilities with a CVSS 3.1 score of 9.8 were disclosed by VMware.
The vSphere Client (HTML5) contains a remote code execution vulnerability due to a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server.
A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Furthermore, the vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins.
A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.
Given the severity of these vulnerabilities, it is strongly recommended that the patches listed in the Recommended Solution(s) section be downloaded and applied to protect affected systems and assets.
Affected Systems
The following servers, systems and versions are affected by these vulnerabilities:
Reported IoCs
-
Recommended Solution(s)
Organizations using the following products are recommended to download the patches in the table below.
| Product | Download |
|---|---|
| vCenter Server | KB83829 |
| Cloud Foundation (vCenter Server) | KB83829 |
CVE / CWE
CVE-2021-21985 and CVE-2021-21986
Related Website(s)
* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.