VMware recently released its latest security advisory urging customers to update their vCenter Servers as soon as possible. VMware vCenter Server versions 6.5, 6.7, and 7.0 have a critical remote code execution vulnerability dubbed CVE-2021-21985 in them that requires immediate patching.
⚡ TL;DR | Go Straight to the VMware Vulnerability Report.
Remote Code Execution Vulnerability In The vSphere Client (CVE-2021-21985)
Listed as CVE-2021-21985, this VMware vulnerability allows for an attacker to run whatever they want on the underlying operating system that hosts vCenter Server. This is due to an issue in the Virtual SAN Health Check plug-in and its input validation, or lack thereof. All attackers need is access to the server's 443 port to exploit the vulnerability.
What makes this vulnerability so critical is that you do not need to use the vSAN plugin. All that is required is that the plugin is active, which is its default state. Therefore it has received a critical CVSSv3 base score of 9.8.
Want to run this Audit Report?
Start your Free Lansweeper Trial to run the Audit Report.
vCenter Server Plug-ins Vulnerability (CVE-2021-21986)
The lesser of the two vulnerabilities tracked as CVE-2021-21986, covers a vulnerability in the authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins.
If exploited, it allows attackers to perform actions with the plugins without the need to authenticate. Since the actions that can be taken are limited by the plugins, it received a lower CVSSv3 base score of 6.5. This is less critical than the other VMware remote code execution which is rated at 9.8.
Detect and fix the vulnerabilities
To help you quickly identify which VMware vCenter servers might be vulnerable and still need to be updated. We've created a special report that lists all your vCenter servers along with the version and the build number. Additionally, it is color-coded to indicate whether you still need to update them or if they are safe. This makes it easy to keep an overview of which machines you still need to work on. Remember that cyber security remains an important item during these times.