Multiple vulnerabilities in VMware vCenter Server
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-21985 CVE-2021-21986 |
| CWE-ID | CWE-20 CWE-287 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #1 is being exploited in the wild. |
| Vulnerable software |
vCenter Server Server applications / Virtualization software Cloud Foundation Client/Desktop applications / Virtualization software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU53595
Risk: Critical
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2021-21985
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the Virtual SAN Health Check plug-in, which is enabled by default. A remote non-authenticated attacker can send a specially crafted HTTP request to the vSphere Client available at port 443/tcp and execute arbitrary commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Install updates from vendor's website.
Vulnerable software versionsvCenter Server: 6.5 U1 - 7.0.0
Cloud Foundation: 3.0 - 4.2
CPE2.3- cpe:2.3:a:vmware:vcenter-server:6.5 U1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter-server:6.5u2c:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter-server:6.5 U3n:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0.1.1:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2021-0010.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Authentication
EUVDB-ID: #VU53596
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-21986
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests to the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A remote non-authenticated attacker can bypass authentication process and gain unauthorized access to the application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsvCenter Server: 6.5 U1 - 7.0.0
Cloud Foundation: 3.0 - 4.2
CPE2.3- cpe:2.3:a:vmware:vcenter-server:6.5 U1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter-server:6.5u2c:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter-server:6.5 U3n:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0.1.1:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2021-0010.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
