Security News > 2021 > February > Critical VMware vCenter Server Flaw Can Expose Organizations to Remote Attacks

VMware on Tuesday informed customers that its vCenter Server product is affected by a critical vulnerability that can be exploited by an attacker to execute commands with elevated privileges.
vCenter Server is a management software designed to provide a centralized platform for controlling VMware vSphere environments.
The critical vulnerability, discovered by Positive Technologies researcher Mikhail Klyuchnikov, impacts a vCenter Server plugin used by the vSphere Client.
The flaw, tracked as CVE-2021-21972 with a CVSS score of 9.8, can be exploited by an attacker with network access to port 443 to "To execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server," VMware said in its advisory.
"In our opinion, the RCE vulnerability in the vCenter Server can pose no less a threat than the infamous vulnerability in Citrix," Positive Technologies' Klyuchnikov explained.
The NSA warned recently that a state-sponsored threat actor linked to Russia had exploited a flaw in VMware Workspace ONE, likely even before a patch was released by the virtualization giant.
News URL
Related news
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- New OpenSSH flaws expose SSH servers to MiTM and DoS attacks (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- Critical AMI MegaRAC bug can let attackers hijack, brick servers (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |