This indicates an attack attempt to exploit a Remote Code Execution vulnerability in VMware vCenter.
The vulnerability is due to a lack of input validation in the Virtual SAN Health Check plug-in. A remote attacker can exploit this to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
VMware’s virtualization management platform, vCenter Server, has a critical severity bug the company is urging customers to patch “as soon as possible” (https://threatpost.com/vmware-ransomware-alarm-critical-bug/166501/). Admins responsible for vCenter machines that have yet to patch CVE-2021-21985 should install the update immediately if possible.
vCenter Server 6.5
vCenter Server 6.7
vCenter Server 7.0
Cloud Foundation (vCenter Server) 3.x
Cloud Foundation (vCenter Server) 4.x
System Compromise: Remote attackers can gain control of vulnerable systems.
Apply the most recent upgrade or patch from the vendor.