Background
On May 25, 2021, VMware published a security advisory for a new remote code execution (RCE) vulnerability in VMware vCenter Server, tracked as CVE-2021-21985. vCenter Server is a server management solution that system administrators use to manage virtual machines and virtualized hosts within enterprise environments via a single console. The same day, VMware also published a blog post about CVE-2021-21985, which provides instructions on how to mitigate this vulnerability.
| CVE ID | CVSS Score V3 | CVSS Criticality | Type | Description |
|---|---|---|---|---|
| CVE-2021-21985 | 9.8 | Critical | Remote Code Execution | Remote code execution vulnerability in vSphere Client |
Analysis
CVE-2021-21985
This is a remote code execution (RCE) vulnerability in the vSphere Client (HTML5). It is caused by a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Solutions and Recommendations
VMware has released patches to address this vulnerability and recommends organizations urgently mitigate it.
If you are running version 6.5, 6.7, or 7.0 of VMware vCenter Server, detailed information on how to effectively patch against CVE-2021-21985 can be found in VMware’s blog.