A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / VMware Remote Code Execution Vulnerability – CVE-2021-21972, CVE-2021-21973 and CVE-2021-21974

VMware Remote Code Execution Vulnerability – CVE-2021-21972, CVE-2021-21973 and CVE-2021-21974

Advisory No: TZCERT/SA/2021/02/25

Date of First Release: 25th February 2021

Source: VMware

Software Affected: 

  • VMware vCenter Server version 6.5, 6.7 and 7.0
  • VMware ESXi version 6.5, 6.7 and 7.0
  • VMware Cloud Foundation (vCenter Server) version 3.x and 4.x
  • VMware Cloud Foundation (ESXi) version 3.x and 4.x

Overview:

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin that could allow unauthenticated, remote attacker to execute arbitrary code remotely.

Description:

The vulnerability allows unauthorized clients to execute arbitrary commands and send requests on behalf of the targeted server via unauthorized file uploading that lead a remote code execution and unauthorized server-side request forgery (SSRF).

Impact:

Successful exploitation of the vulnerability could allow an unprivileged user to gain access to the system.

Solution:

VMware has issued both workaround and security update to address the affected products. Users and administrators are advised to apply necessary updates or perform the published workarounds as temporary solution when necessary.   

References:

  1. https://www.vmware.com/security/advisories/VMSA-2021-0002.html

Check Also

Google Chrome Zero-Day remote code execution vulnerability (CVE-2021-21220)

Advisory No: TZCERT/SA/2021/04/15 Date of First Release: 15th April 2021 Source: Google  Software Affected: Google Chrome (Desktop version) prior to …