Security News > 2021 > February > Critical VMware vCenter Server Flaw Can Expose Organizations to Remote Attacks

VMware on Tuesday informed customers that its vCenter Server product is affected by a critical vulnerability that can be exploited by an attacker to execute commands with elevated privileges.

vCenter Server is a management software designed to provide a centralized platform for controlling VMware vSphere environments.

The critical vulnerability, discovered by Positive Technologies researcher Mikhail Klyuchnikov, impacts a vCenter Server plugin used by the vSphere Client.

The flaw, tracked as CVE-2021-21972 with a CVSS score of 9.8, can be exploited by an attacker with network access to port 443 to "To execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server," VMware said in its advisory.

"In our opinion, the RCE vulnerability in the vCenter Server can pose no less a threat than the infamous vulnerability in Citrix," Positive Technologies' Klyuchnikov explained.

The NSA warned recently that a state-sponsored threat actor linked to Russia had exploited a flaw in VMware Workspace ONE, likely even before a patch was released by the virtualization giant.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/1nMV3DFn9Ag/critical-vmware-vcenter-server-flaw-can-expose-organizations-remote-attacks