VMware vCenter VMSA-2021-0010 Advisory

VMware advisory VMSA-2021-0010 covers vCenter Server updates that address remote code execution and authentication vulnerabilities (CVE-2021-21985, CVE-2021-21986).

Which VMware products are impacted?

  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Foundation (Cloud Foundation)

Who is affected?

VMware Security Advisories always list the specific product versions that are affected. In this case, the affected versions are vCenter Server 6.5, 6.7, and 7.0.

What’s Happening?

In this advisory, VMware reports multiple vulnerabilities in the vSphere Client (HTML5). An attacker with access to port 443 could exploit a vulnerability that would allow commands to be executed with unrestricted privileges. VMware advises updating your servers right now!

How to protect your servers.

You can protect yourself by patching vCenter Server. This is the fastest way to resolve the problem, and it removes the vulnerability completely. From there you can update any plugins as vendors release new versions.

 

Patrick Domingues
