CVE-2021-21985: Critical VMware vCenter Server Remote Code Execution

by CIRT Team

07 Jun 2021

in CVE, Security Advisories & Alerts

No Comments

2131

Description:

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Impacted Products:
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)

CVSSv3 Score: 9.8 CRITICAL

Impact:
A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Mitigation: Updates are available. Please see the references or vendor advisory for more information.

Reference:
https://www.vmware.com/security/advisories/VMSA-2021-0010.html

info@cirt.gov.bd

+88-02-550071 83-86

CVE-2021-21985: Critical VMware vCenter Server Remote Code Execution

by CIRT Team

07 Jun 2021

in CVE, Security Advisories & Alerts

No Comments

2131

CIRT Team

Recommended Posts

Situational Awareness for Eid-Ul-Fitr 2025 Holidays

Critical Vulnerability (CVE-2018-19410) Exposes 600 PRTG Instances in Bangladesh

Emerging Phishing Attack on Cyber Space of Bangladesh

Subscribe here

Important links

MEMBER OF: