fbpx

This website uses cookies to ensure you get the best experience. More Information

VMware vulnerabilities advisory

25 February 2021 - by Obrela SOC

On February 23, VMware issued a security advisory (VMSA-2021-0002) regarding 3 vulnerabilities affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation. According to open source intelligence, it is estimated that more than 6.700 systems are vulnerable

 

Vmware vCenter Server RCE in vSphere Client (CVE-2021-21972)

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Severity: 9.8 (Critical)

Affected versions: 7.0, 6.7, 6.5

Suggested resolution steps: https://kb.vmware.com/s/article/82374

 

ESXi heap overflow (CVE-2021-21974)

A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

Severity: 8.8 (Important)

Affected versions: 7.0, 6.7, 6.5

Suggested resolution steps: https://kb.vmware.com/s/article/76372

 

Vmware vCenter Server SSRF in vSphere Client (CVE-2021-21973)

A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure.

Severity: 5.3 (Moderate)

Affected versions: 7.0, 6.7, 6.5

Suggested resolution steps: https://kb.vmware.com/s/article/82374

 

Mitigation

Updates are available to remediate these vulnerabilities in affected VMware products, however only the provided steps ensure temporary mitigation. It is advised to perform the provided workarounds for each vulnerability separately, as soon as possible as exploitation proof of concept scripts are now publicly available for both Windows and Linux targets.

LATEST UPDATES