Threat Encyclopedia

VMware.vCenter.CVE-2021-21985.Remote.Code.Execution

description-logoDescription

This indicates an attack attempt to exploit a Remote Code Execution in VMware vCenter.
The vulnerability is due to lack of input validation in the Virtual SAN Health Check plug-in. A remote attacker can exploit this to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server..

affected-products-logoAffected Products

vCenter Server 6.5
vCenter Server 6.7
vCenter Server 7.0
Cloud Foundation (vCenter Server) 3.x
Cloud Foundation (vCenter Server) 4.x

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.vmware.com/security/advisories/VMSA-2021-0010.html

Telemetry logoTelemetry