Home > Cyber News > CVE-2021-21985: Critical Flaw in VMware vCenter Needs Immediate Patching

CVE-2021-21985: Critical Flaw in VMware vCenter Needs Immediate Patching

CVE-2021-21985-vmware-vulnerability-sensorstechforumCVE-2021-21985 is a critical vulnerability in VMware vCenter that needs to be patched immediately. The vulnerability has been rated with a CVSS score of 9.8 out of 10, and it could enable a malicious actor to execute arbitrary code on a targeted server.

CVE-2021-21985: Critical Flaw in VMware vCenter

The flaw is triggered by a lack of input validation in the Virtual SAN (vSAN) Health Check pluin-in, enabled by default in the vCenter server. According to the official advisory, impacted are the following products:

  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Foundation (Cloud Foundation)

“Multiple vulnerabilities in the vSphere Client (HTML5) were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products,” the advisory says. More specifically, the flaws were reported by security researcher Ricter Z of 360 Noah Lab.

What is VMware vCenter Server? Shortly said, it is a server management tool that controls virtual machines, ESXi hosts, and other components from a centralized location. The vulnerability impacts server versions 6.5, 6.7, and 7.0, and Cloud Foundation versions 3.x and 4.x.

It should also be mentioned that the released patches also fix an authentication issue in the vSphere Client that affects Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. This issue is known as CVE-2021-21986, and rated 6.5 out of 10 according to the CVSS scale. The flaw could allow an attacker to perform actions permitted by the plug-ins without authentication.

More details about the vulnerabilities as well as information on how to apply patches are available in the advisory. The company is urging customers to patch immediately.

Why is timely patching so crucial?
Earlier this year, the RansomExx gang was exploiting two vulnerabilities in the VMWare ESXi product. In February, reports showed that the ransomware operators were utilizing CVE-2019-5544 and CVE-2020-3992 in VMware ESXi. Shortly said, the two flaws could aid an attacker on the same network to send malicious SLP requests to a vulnerable ESXi device. The attacker could then gain control over it.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share