VMware fixes critical vCenter Server RCE vulnerability, urges immediate action (CVE-2021-21985)

VMware has patched two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation and is urging administrators to implement the offered security updates as soon as possible.
The first one would allow attackers to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server, while the second one may allow them to perform actions permitted by the affected plug-ins (Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, VMware Cloud Director Availability) without authentication.
As Claire Tills, Senior Research Engineer at Tenable, noted, even if an organization has not exposed vCenter Server externally, attackers can still exploit this flaw once inside a network.
"In a rare move, VMware published a blog post calling out ransomware groups as being adept at leveraging flaws like this post-compromise, after having gained access to a network via other means such as spearphishing. With ransomware dominating the news, this context is important and reinforces VMware's assertion that patching these flaws should be a top priority," she told Help Net Security.
She pointed out that in February 2020, VMware patched two other vCenter Server vulnerabilities, and researchers saw mass scanning for the RCE flaw within a day of its publication.
Trustwave SpiderLabs researchers have used the Shodan search engine to determine how many still-vulnerable VMware vCenter Server instances are currently reachable from the internet.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/VpTCK1MXGoA/