VMware fixes critical RCE bug in all default vCenter installs (Security News, February 2021)
VMware has addressed a critical remote code execution vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to take control of affected systems.
"The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," VMware explains in the advisory.
The impacted vCenter Server plugin for vRealize Operations (vROps) is present in all default installations, and vROps does not need to be present for the affected endpoint to be available.
VMware fixed an Unauth RCE in vCenter found by our researcher Mikhail Klyuchnikov.
VMware also fixed today an important heap-overflow vulnerability in VMware ESXi that may enable attackers to execute arbitrary code remotely on impacted devices.
In April 2020, VMware addressed another critical vCenter Server vulnerability that could've allowed attackers to access sensitive information and potentially take control of impacted Windows systems or virtual appliances.