Remote code execution vulnerability in the VMWare vSphere Client
CVE-2021-21985- CVSS: 9.8
A threat actor with network access to port 443 may exploit this vulnerability to execute arbitrary code with unrestricted privileges on the host operating system running the Vmware vCenter server.
VMWare draws attention to the ability of ransomware operators to take advantage of this type of vulnerability very quickly after they are published.
CVE-2021-21985 consists of a remote code execution vulnerability in the vSphere client (HTML5) due to an absence of input validation in the VSAN Health Check plugin, which is enabled by default.
CERT.be recommends to all System administrators to upgrade their VMware vCentre Server systems to the latest versions released by the vendor. VMware also provides a workaround for admins who can’t yet install the updates. They can remediate the solution by disabling VMware Plugins in vCenter Server.