VMware Discloses Severe Vulnerabilities That Need ‘Immediate Attention’
VMware has disclosed a pair of vulnerabilities impacting vCenter Server, a centralized management software for VMware vSphere systems. The most severe flaw, CVE-2021-21985, is a remote code execution vulnerability in vSphere Client, assigned a CVSSv3 score of 9.8
To exploit this vulnerability, an attacker would need to be able to access vCenter Server over port 443 in the firewall. Even if an organization has not exposed vCenter Server externally, attackers can still exploit this flaw once
…..Read More
VMware has disclosed a pair of vulnerabilities impacting vCenter Server, a centralized management software for VMware vSphere systems. The most severe flaw, CVE-2021-21985, is a remote code execution vulnerability in vSphere Client, assigned a CVSSv3 score of 9.8
To exploit this vulnerability, an attacker would need to be able to access vCenter Server over port 443 in the firewall. Even if an organization has not exposed vCenter Server externally, attackers can still exploit this flaw once inside a network.
In a rare move, VMware published a blog post calling out ransomware groups as being adept at leveraging flaws like this post-compromise, after having gained access to a network via other means such as spearphishing. With ransomware dominating the news, this context is important and reinforces VMware’s assertion that patching these flaws should be a top priority. Successful exploitation would allow an attacker to execute arbitrary commands on the underlying vCenter host.
VMware also patched CVE-2021-21986, which is an authentication mechanism issue found in several vCenter Server Plug-ins and was assigned a CVSSv3 score of 6.5, making it moderately severe.
VMware has provided patches for both flaws and organizations using vCenter Servers are advised to act immediately.
Read Less
