VMWare VCenter affected by multiple RCE vulnerabilities

Threat Level – Red | Vulnerability Report
Download PDF

For a detailed advisory, download the pdf file here.

Multiple Remote code execution vulnerabilities have been patched by VMWare today. These vulnerabilities (CVE-2021-21985, CVE-2021-21986) exist due to lack of validation in vSAN(Virtual SAN) Health Check Plug-in which is a default plug-in in vCenter Server. Anyone with an unauthorized network access to port 443 can exploit these by executing commands which do not require any privileges on the OS where vCenter server exists.

Vulnerability Details

Patch Link

https://www.vmware.com/security/advisories/VMSA-2021-0010.html
References

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox