Organizations running vCenter Server and VMware Cloud Foundation are urged to apply fixes deployed on May 25.
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory to confirm it is "aware of the likelihood" that attackers are attempting to exploit CVE-2021-21985.
This is a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation. VMware patched the flaw on May 25 alongside CVE-2021-21986 and grouped the two under a critical security advisory. CVE-2021-21985 has a CVSSv3 score of 9.8/10 and CVE-2021-21986 has a score of 6.5/10.
"Although patches were made available on May 25, 2021, unpatched systems remain an attractive target and attackers can exploit this vulnerability to take control of an unpatched system," CISA officials wrote in the advisory.
In its description of CVE-2021-21985, VMware explained that the vSphere Client (HTML5) contains a remote code execution flaw due to a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. An attacker with network access to port 443 can exploit this issue "to execute commands with unrestricted privileges" on the underlying operating system that hosts vCenter Server.
"The affected Virtual SAN Health Check plug-in is enabled by default in all vCenter Server deployments, whether or not vSAN is being used," company officials wrote.
Read the full CISA advisory and VMware blog post for more information.