| ID | 50443 |
| Created | May 31, 2021 |
| Updated | Dec 27, 2022 |
| Outbreak Alert | VMWare vCenter vulnerabilities |
| Severity |
|
| CVE ID | CVE-2021-21985 |
| EPSS | 97.37% |
| Default Action | pass |
| Affected OS | All |
| Affected App | Other |
Database Update History
| Date | Version | Detail |
|---|---|---|
| 2022-12-28 | 22.465 | Sig Added |
| 2022-08-15 | 21.373 | Sig Added |
| 2022-02-22 | 19.263 | Sig Added |
Refine Search
Threat Encyclopedia
VMware.vCenter.CVE-2021-21985.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution in VMware vCenter.
The vulnerability is due to lack of input validation in the Virtual SAN Health Check plug-in. A remote attacker can exploit this to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server..
Affected Products
vCenter Server 6.5
vCenter Server 6.7
vCenter Server 7.0
Cloud Foundation (vCenter Server) 3.x
Cloud Foundation (vCenter Server) 4.x
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.vmware.com/security/advisories/VMSA-2021-0010.html
