Security News > 2021 > February > VMware fixes critical RCE bug in all default vCenter installs
VMware has addressed a critical remote code execution vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to take control of affected systems.
"The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," VMware explains in the advisory.
The impacted vCenter Server plugin for vRealize Operations (vROps) is present in all default installations, and vROps is not required for the affected endpoint to be available.
VMware fixed an Unauth RCE in vCenter found by our researcher Mikhail Klyuchnikov.
VMware also fixed today an important heap-overflow vulnerability in VMware ESXi that may enable attackers to execute arbitrary code remotely on impacted devices.
In April 2020, VMware addressed another critical vCenter Server vulnerability that could've allowed attackers to access sensitive information and potentially take control of impacted Windows systems or virtual appliances.