VMware warns of critical bug affecting all vCenter Server installs
May 2021
VMware urges customers to patch a critical remote code execution vulnerability in the Virtual SAN Health Check plug-in that impacts all vCenter Server deployments.
vCenter Server is a server management solution that helps IT admins manage virtual machines and virtualized hosts within enterprise environments via a single console.
"The vSphere Client contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server," VMware explains.
According to VMware, the vulnerable "Virtual SAN Health Check plug-in is enabled by default in all vCenter Server deployments, whether or not vSAN is being used."
The steps needed to disable vCenter Server plugins on Linux-based virtual appliances and Windows-based vCenter Server deployments by configuring them as incompatible can be found here.
In February, VMware addressed a similar critical RCE bug affecting all vCenter Server deployments running a vulnerable vCenter Server plugin for vRealize Operations present in all default installations.