NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge

Just in Time Bulletin: CVE-2021-21985

Sep 02, 2021
  • What is CVE-2021-21985 (VMware vCenter Server RCE )? 

    CVE-2021-21985 is a RCE vulnerability which can be exploited by a remote, unauthenticated attacker sending a crafted HTTP packet to a vulnerable server. Successful exploitation would grant threat actors unrestricted privileges on the underlying operating system. The flaw stems from a lack of input validation within the Virtual SAN Health Check Plugin, which is enabled by default on vCenter. VMware assigned this critical flaw with a 9.8 CVSSv3 score, emphasizing the severity of the vulnerability.

  • How bad is this? 

    Active exploitation today: No Evidence

    Severity: Critical

    • credentials not required
    • authentication bypass
    • results in vCenter Server compromise
    • Widespread deployment in VMWare vCenter Server in corporate networks.The effects of an exploit that would grant remote code execution would be widespread and highly impactful, likely resulting in the compromise of the parent domain. The compromise of vCenter servers could lead to significant service interruptions and the compromise of high level domain accounts.

     

  • Who is affected by this? 

    • vCenter Server 7.0
    • vCenter Server 6.7
    • vCenter Server 6.5
    • Cloud Foundation 4.x
    • Cloud Foundation 3.x

  • How are they exploited? 

    An unauthenticated, remote attacker could exploit this vulnerability.

  • How do I protect myself? 

    VMware has released an emergency patch to address the RCE vulnerability affecting the Health Check Plugin. It is recommended that affected organizations take immediate action to apply the patch. As a temporary solution it is possible to disable the vulnerable plugins. Please refer to the links below for additional information.

    Additional Resources: