#VU53595 Input validation error in vCenter Server and Cloud Foundation - CVE-2021-21985

Cybersecurity Help s.r.o.

Published: 2021-05-26 | Updated: 2022-02-20

Vulnerability identifier: #VU53595

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2021-21985

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
vCenter Server
Server applications / Virtualization software
Cloud Foundation
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the Virtual SAN Health Check plug-in, which is enabled by default. A remote non-authenticated attacker can send a specially crafted HTTP request to the vSphere Client available at port 443/tcp and execute arbitrary commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

vCenter Server: 6.5 U1 - 7.0.0

Cloud Foundation: 3.0 - 4.2

External links
https://www.vmware.com/security/advisories/VMSA-2021-0010.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell VxRail Appliance

Multiple vulnerabilities in Dell PowerFlex Appliance

Multiple vulnerabilities in Dell Integrated Data Protection Appliance

Multiple Vulnerabilities IBM Cloud Pak System

Dell EMC Enterprise Hybrid Cloud update for VMware products

Multiple vulnerabilities in VMware vCenter Server