Detections
Analytics
CVE-2021-21985
critical
Description
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
From the Tenable Blog
CVE-2021-21985: Critical VMware vCenter Server Remote Code Execution
Published: 2021-05-25
VMware has issued patches for a critical remote code execution vulnerability in vCenter Server. Organizations are strongly encouraged to apply patches as soon as possible. Update June 2: The Identifying Affected Systems section has been updated to include audit checks for the workaround. Update June 4: The Proof of Concept section has been updated to reflect the publication of exploit code and active scanning for vulnerable servers.
References
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a
https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a