VMware Warns of Critical Remote Code Execution Hole In vCenter
An anonymous reader quotes a report from ZDNet: VMware is urging its vCenter users to update vCenter Server versions 6.5, 6.7, and 7.0 immediately, after a pair of vulnerabilities were reported privately to the company. The most pressing is CVE-2021-21985, which relates to a remote code execution vulnerability in a vSAN plugin enabled by default in vCenter that an attacker could use to run whatever they wished on the underlying host machine, provided they can access port 443. Even if users do not use vSAN, they are likely to be affected because the vSAN plugin is enabled by default. "This needs your immediate attention if you are using vCenter Server," VMware said in a blog post. The second vulnerability, CVE-2021-21986, would allow an attacker to perform actions allowed by plugins without authentication. "The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins," VMware said. In terms of CVSSv3 scores, CVE-2021-21985 hit a 9.8, while CVE-2021-21986 was scored as 6.5.
from Slashdot https://ift.tt/34o7G6M