
Remote code execution vulnerability in the VMware vSphere Client

Reference: 
Advisory #2021-011
Version: 
1.0
Affected software: 
vCenter Server 7.0
vCenter Server 6.7
vCenter Server 6.5
Type: 
Remote Code Execution (RCE)
CVE/CVSS: 

CVE-2021-21985 (CVSS 9.8)

Sources

https://www.vmware.com/security/advisories/VMSA-2021-0010.html

https://kb.vmware.com/s/article/83829

Risks

A threat actor with network access to port 443 of a vCenter Server may exploit this vulnerability, without authentication, to execute arbitrary commands with unrestricted privileges on the underlying operating system that hosts VMware vCenter Server.

VMware draws attention to how quickly ransomware operators weaponize vulnerabilities of this type once they are published.

Description

CVE-2021-21985 is a remote code execution vulnerability in the vSphere Client (HTML5) caused by a lack of input validation in the Virtual SAN (vSAN) Health Check plug-in. This plug-in is enabled by default in vCenter Server, whether or not vSAN is actually in use, so every vCenter Server in the affected versions should be considered exposed.

Recommended Actions

CERT.be recommends that all system administrators upgrade their VMware vCenter Server systems to the latest versions released by the vendor. For administrators who cannot install the updates yet, VMware provides a workaround: disabling the affected plug-ins in vCenter Server (see the VMware KB article listed under Sources). The workaround only reduces exposure until the update can be applied; it does not replace patching. Administrators should also verify that port 443 of their vCenter Server is not reachable from untrusted networks, and in particular not from the Internet.
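The following script illustrates the plug-in workaround described above. It is an added example by the editor, not CERT.be's or VMware's code. It assumes, following VMware KB 83829 as recalled (verify the file path, the element names and the plug-in IDs against the KB before use), that the vSphere Client (HTML5) reads plug-in compatibility from /etc/vmware/vsphere-ui/compatibility-matrix.xml on the appliance, that a `<PluginPackage id="..." status="incompatible"/>` entry under `<pluginsCompatibility>` keeps that plug-in from loading, that the four IDs in `WORKAROUND_PLUGINS` are the ones the KB lists, and that the vsphere-ui service must be restarted afterwards. The two XML documents in the script are constructed samples, not real appliance files.

```python
"""Check for, and optionally apply, the VMSA-2021-0010 plug-in workaround.

Added example by the editor; not CERT.be's or VMware's code. It assumes,
following VMware KB 83829 as recalled (verify against the KB before use):
  * the vSphere Client (HTML5) reads plug-in compatibility from
    /etc/vmware/vsphere-ui/compatibility-matrix.xml on the appliance;
  * a <PluginPackage id="..." status="incompatible"/> entry under
    <pluginsCompatibility> keeps that plug-in from loading;
  * the IDs in WORKAROUND_PLUGINS are the ones the KB lists;
  * the vsphere-ui service must be restarted for the change to take effect.
"""
import sys
import xml.etree.ElementTree as ET

MATRIX_PATH = "/etc/vmware/vsphere-ui/compatibility-matrix.xml"  # assumed path

# Plug-in package IDs the workaround disables (assumed from KB 83829).
WORKAROUND_PLUGINS = (
    "com.vmware.vsan.client.h5vsan",  # vSAN Health Check, the CVE-2021-21985 plug-in
    "com.vmware.vrops.install",       # Site Recovery
    "com.vmware.vum.client",          # vSphere Lifecycle Manager
    "com.vmware.h4.vsphere.client",   # VMware Cloud Director Availability
)

# Constructed samples (not real appliance files). UNPATCHED disables nothing;
# PARTIAL has one plug-in disabled and one explicitly left enabled.
UNPATCHED_MATRIX = """<?xml version="1.0" encoding="UTF-8"?>
<Matrix>
   <pluginsCompatibility>
   </pluginsCompatibility>
</Matrix>
"""
PARTIAL_MATRIX = """<?xml version="1.0" encoding="UTF-8"?>
<Matrix>
   <pluginsCompatibility>
      <PluginPackage id="com.vmware.vsan.client.h5vsan" status="incompatible"/>
      <PluginPackage id="com.vmware.vum.client" status="compatible"/>
   </pluginsCompatibility>
</Matrix>
"""


def still_enabled(xml_text, plugin_ids=WORKAROUND_PLUGINS):
    """Return the plug-in IDs from plugin_ids that are not marked incompatible."""
    root = ET.fromstring(xml_text)
    disabled = {
        pkg.get("id")
        for pkg in root.iter("PluginPackage")
        if pkg.get("status") == "incompatible"
    }
    return [pid for pid in plugin_ids if pid not in disabled]


def apply_workaround(xml_text, plugin_ids=WORKAROUND_PLUGINS):
    """Return the matrix with every plug-in in plugin_ids marked incompatible.

    Existing <PluginPackage> entries are updated in place (so re-running is
    idempotent); missing ones are appended under <pluginsCompatibility>,
    which is created when the file has none.
    """
    root = ET.fromstring(xml_text)
    container = root.find("pluginsCompatibility")
    if container is None:
        container = ET.SubElement(root, "pluginsCompatibility")
    existing = {pkg.get("id"): pkg for pkg in root.iter("PluginPackage")}
    for pid in plugin_ids:
        pkg = existing.get(pid)
        if pkg is None:
            pkg = ET.SubElement(container, "PluginPackage", id=pid)
        pkg.set("status", "incompatible")
    if hasattr(ET, "indent"):  # pretty-print, Python 3.9+
        ET.indent(root, space="   ")
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode") + "\n"


def main(argv):
    """Usage: script.py [matrix.xml] [--apply]   (no file given: audit the sample)."""
    paths = [a for a in argv[1:] if not a.startswith("--")]
    path = paths[0] if paths else None
    text = open(path).read() if path else UNPATCHED_MATRIX
    missing = still_enabled(text)
    if not missing:
        print("workaround already applied: all listed plug-ins are incompatible")
        return 0
    print("plug-ins NOT yet disabled:", ", ".join(missing))
    if "--apply" in argv and path:
        with open(path + ".bak", "w") as fh:
            fh.write(text)  # keep a copy to roll back
        with open(path, "w") as fh:
            fh.write(apply_workaround(text))
        print("updated %s; restart vsphere-ui for the change to take effect" % path)
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments it audits the built-in sample and exits non-zero because nothing is disabled; run as `python3 script.py /etc/vmware/vsphere-ui/compatibility-matrix.xml` on the appliance it reports which of the listed plug-ins are still loadable, and with `--apply` it backs the file up and marks them incompatible. The audit function is the part worth keeping after patching: it is a cheap check that the workaround really is in place on every vCenter Server that is still waiting for the update.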