A critical vulnerability in VMware vCenter, tracked as CVE-2021-21985, requires immediate patching. The flaw is rated with a CVSS score of 9.8 out of 10 and could allow an attacker to execute arbitrary code on the affected server.
As the researchers explained, the flaw stems from a lack of input validation in the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default in vCenter Server. The affected products are:
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
The advisory says, “Multiple vulnerabilities in the vSphere Client (HTML5) were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products.” The flaw was reported by security researcher Ricter Z of 360 Noah Lab.
VMware vCenter Server is a server management tool used to control virtual machines, ESXi hosts, and other components from a centralized location. Affected versions include vCenter Server 6.5, 6.7, and 7.0, and Cloud Foundation versions 3.x and 4.x.
The released patches also fix an authentication issue in the vSphere Client that affects the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. That issue is tracked as CVE-2021-21986 and rated 6.5 out of 10 on the CVSS scale. By exploiting it, an attacker could perform actions permitted by the affected plug-ins without authentication.