Client Application Firewall
VMware.vCenter.CVE-2021-21985.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution in VMware vCenter.
The vulnerability is due to lack of input validation in the Virtual SAN Health Check plug-in. A remote attacker can exploit this to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server..
Outbreak Alert
VMware’s virtualization management platform, vCenter Server, has a critical severity bug the company is urging customers to patch “as soon as possible”. https://threatpost.com/vmware-ransomware-alarm-critical-bug/166501/ Admins responsible for vCenter machines that have yet to patch CVE-2021-21985 should install the update immediately if possible.
Affected Products
vCenter Server 6.5
vCenter Server 6.7
vCenter Server 7.0
Cloud Foundation (vCenter Server) 3.x
Cloud Foundation (vCenter Server) 4.x
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.vmware.com/security/advisories/VMSA-2021-0010.html
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-12-28 | 22.465 | Sig Added |
| 2022-08-15 | 21.373 | Sig Added |
| 2022-02-22 | 19.263 | Sig Added |
| ID | 50443 |
| Created | May 31, 2021 |
| Updated | Dec 27, 2022 |
| Outbreak Alert | VMWare vCenter vulnerabilities |
| Risk |
|
| CVE ID | CVE-2021-21985 |
| EPSS | 97.4% |
| Default Action | pass |
| Affected OS | All |
| Affected App | Other |