VMWare VCenter affected by multiple RCE vulnerabilities
Threat Level – Red | Vulnerability Report
Download PDFFor a detailed advisory, download the pdf file here.
Multiple Remote code execution vulnerabilities have been patched by VMWare today. These vulnerabilities (CVE-2021-21985, CVE-2021-21986) exist due to lack of validation in vSAN(Virtual SAN) Health Check Plug-in which is a default plug-in in vCenter Server. Anyone with an unauthorized network access to port 443 can exploit these by executing commands which do not require any privileges on the OS where vCenter server exists.
Vulnerability Details
Patch Link
https://www.vmware.com/security/advisories/VMSA-2021-0010.html
References
What’s new on HivePro
Get through updates and upcoming events, and more directly in your inbox