CISA warns criminals seeking to exploit the key…


Organizations running vCenter Server and VMware Cloud Foundation are urged to apply the fixes deployed on May 25.

The Cyber ​​Security and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security issued an announcement to confirm that it was “aware” of the possibility of an attacker trying to exploit CVE-2021-21985.

This is a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation. VMware patched the vulnerability and CVE-2021-21986 on May 25, and classified the two as an important security bulletin. CVE-2021-21985 has a CVSSv3 score of 9.8/10, and CVE-2021-21986 has a score of 6.5/10.

CISA officials wrote in the announcement: “Although the patch was released on May 25, 2021, unpatched systems are still an attractive target. Attackers can use this vulnerability to control unpatched systems.”

In the description of CVE-2021-21985, VMware explained that the vSphere Client (HTML5) contains a remote code execution flaw due to the lack of input validation in the Virtual SAN Health Check plugin enabled by default in vCenter Server. Attackers with network access to port 443 can use this issue to “execute commands with unrestricted permissions” on the underlying operating system hosting vCenter Server.

“The affected Virtual SAN Health Check plug-in is enabled by default in all vCenter Server deployments, regardless of whether vSAN is used or not,” a company official wrote.

Read the full CISA consultation and VMware blog post to learn more.

Dark Reading’s Quick Hits briefly introduced the importance of breaking news events. For more information about the original source of this news, please click on the link provided in this article.View the complete bio

Recommended reading:

More insights

Related Articles

Back to top button