fbpx

This website uses cookies to ensure you get the best experience. More Information

Remote code execution vulnerability in vSphere Client (CVE-2021-21985)

27 May 2021 - by Obrela SOC

On May 25, VMware issued a security advisory (VMSA-2021-0010) regarding 2 vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation. According to open source intelligence, it is estimated that almost 5.600 systems are vulnerable.

 

Remote code execution vulnerability in vSphere Client (CVE-2021-21985)

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Severity: 9.8 (Critical)

Affected versions: 7.0, 6.7, 6.5

Suggested resolution steps: https://kb.vmware.com/s/article/83829

 

 

Authentication mechanism issue in vCenter Server Plug-ins (CVE-2021-21986)

The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.

Severity: 6.5 (Moderate)

Affected versions: 7.0, 6.7, 6.5

Suggested resolution steps: https://kb.vmware.com/s/article/83829

 

Mitigation

Updates are available to remediate these vulnerabilities in affected VMware products and VMware urges users to patch their devices. Until you are able to patch properly, and you don’t use vSAN, then the above suggested resolution steps can be used for disabling the plugins affected by these two vulnerabilities.

LATEST UPDATES

VMware vulnerabilities advisory

25 February 2021 - by Obrela SOC

On February 23, VMware issued a security advisory (VMSA-2021-0002) regarding 3 vulnerabilities affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation. According to open source intelligence, it is estimated that more than 6.700 systems are vulnerable

 

Vmware vCenter Server RCE in vSphere Client (CVE-2021-21972)

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Severity: 9.8 (Critical)

Affected versions: 7.0, 6.7, 6.5

Suggested resolution steps: https://kb.vmware.com/s/article/82374

 

ESXi heap overflow (CVE-2021-21974)

A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

Severity: 8.8 (Important)

Affected versions: 7.0, 6.7, 6.5

Suggested resolution steps: https://kb.vmware.com/s/article/76372

 

Vmware vCenter Server SSRF in vSphere Client (CVE-2021-21973)

A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure.

Severity: 5.3 (Moderate)

Affected versions: 7.0, 6.7, 6.5

Suggested resolution steps: https://kb.vmware.com/s/article/82374

 

Mitigation

Updates are available to remediate these vulnerabilities in affected VMware products, however only the provided steps ensure temporary mitigation. It is advised to perform the provided workarounds for each vulnerability separately, as soon as possible as exploitation proof of concept scripts are now publicly available for both Windows and Linux targets.

LATEST UPDATES