VMware Remote Code Execution and Authentication Vulnerability (CVE-2021-21985, CVE-2021-21986)

Published: May 27, 2021 10:02


Advisory No: TZCERT/SA/2021/05/27

Date of First Release: 27th May 2021

Source: VMware 

Software Affected: 

  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Foundation (Cloud Foundation)

Overview:

Multiple vulnerabilities exist in the vSphere Client (HTML5): a remote code execution vulnerability in the Virtual SAN Health Check plug-in (CVE-2021-21985), and an authentication mechanism issue that allows actions supported by several vCenter Server plug-ins to be performed without authentication (CVE-2021-21986).

Description:

The vSphere Client (HTML5) contains a remote code execution vulnerability (CVE-2021-21985) due to a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server.

The client also contains an authentication mechanism issue (CVE-2021-21986) in the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager and VMware Cloud Director Availability plug-ins that could allow an attacker to bypass authentication and perform the actions supported by those plug-ins.

Impact:

An attacker with network access to port 443 on vCenter Server could exploit these vulnerabilities to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server (CVE-2021-21985), or to perform the affected plug-ins' actions without authentication (CVE-2021-21986).

Solution:

VMware has issued security updates for both affected products. Users and administrators are advised to apply the updates: vCenter Server 7.0 U2b, 6.7 U3n or 6.5 U3p, and Cloud Foundation 4.2.1 or 3.10.2.1. Where the update cannot be applied immediately, VMware knowledge base article 83829 (see References) describes a workaround that disables the affected plug-ins in the vSphere Client; this should be treated only as a temporary measure until the update is installed.
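To check whether a given vCenter Server already carries these fixes, the script below compares the appliance's reported build number with the first fixed build of its release line. It is an added example, not code from TZ-CERT or VMware. The fixed build numbers are assumed from the vCenter Server release notes for 7.0 U2b, 6.7 U3n and 6.5 U3p as recalled here and should be confirmed against those release notes before the script is relied on; the sample payloads are constructed, and the optional network fetch uses the vSphere Automation API session and version endpoints, which it assumes are reachable.

```python
"""Check whether a vCenter Server build carries the VMSA-2021-0010 fixes.

Added example; not part of the TZ-CERT advisory or VMware's own tooling.
"""
import base64
import json
import ssl
import urllib.request

# Minimum fixed build per release line, per the vCenter Server release notes
# for 7.0 U2b, 6.7 U3n and 6.5 U3p. ASSUMED from memory: confirm these against
# the release notes linked from VMSA-2021-0010 before relying on them.
FIXED_BUILDS = {
    "7.0": 17958471,  # vCenter Server 7.0 Update 2b
    "6.7": 18010531,  # vCenter Server 6.7 Update 3n
    "6.5": 17994927,  # vCenter Server 6.5 Update 3p
}


def release_line(version: str) -> str:
    """Reduce an appliance version string such as '7.0.2.00200' to '7.0'."""
    parts = version.split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:2]):
        raise ValueError(f"unrecognised vCenter version string: {version!r}")
    return f"{parts[0]}.{parts[1]}"


def is_patched(version: str, build) -> bool:
    """True if the build is at or above the fixed build for its release line.

    Release lines the advisory does not cover (for example 6.0) raise KeyError
    rather than returning False, so 'not in the table' is never mistaken for
    'patched' or 'unaffected'.
    """
    line = release_line(version)
    if line not in FIXED_BUILDS:
        raise KeyError(f"release line {line} is not covered by VMSA-2021-0010")
    return int(build) >= FIXED_BUILDS[line]


def assess(version_info: dict) -> dict:
    """Summarise a version payload (as returned by the appliance API)."""
    version = version_info["version"]
    build = int(version_info["build"])
    line = release_line(version)
    return {
        "release_line": line,
        "build": build,
        "fixed_build": FIXED_BUILDS.get(line),
        "patched": is_patched(version, build),
    }


def fetch_version_info(vcenter: str, user: str, password: str,
                       verify_tls: bool = True) -> dict:
    """Read version and build from a live vCenter via the Automation API.

    POST /rest/com/vmware/cis/session (HTTP basic auth) returns a session id;
    GET /rest/appliance/system/version returns the version payload. This needs
    network access and is never called by the offline part of the example.
    """
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for lab appliances with self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{vcenter}/rest/com/vmware/cis/session",
        method="POST", headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        session_id = json.load(resp)["value"]
    req = urllib.request.Request(
        f"https://{vcenter}/rest/appliance/system/version",
        headers={"vmware-api-session-id": session_id})
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)["value"]


# Constructed sample payloads in the shape of the version endpoint's response.
SAMPLE_UNPATCHED = {"product": "VMware vCenter Server",
                    "version": "7.0.2.00100", "build": "17920168"}
SAMPLE_PATCHED = {"product": "VMware vCenter Server",
                  "version": "6.7.0.48000", "build": "18010531"}

if __name__ == "__main__":
    for sample in (SAMPLE_UNPATCHED, SAMPLE_PATCHED):
        print(assess(sample))
```

Run it against a live appliance with `assess(fetch_version_info("vcenter.example.internal", "administrator@vsphere.local", password))`; a `KeyError` means the release line is outside the advisory's scope and needs a manual check rather than being assumed safe.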

References:

  1. https://kb.vmware.com/s/article/83829
  2. https://www.vmware.com/security/advisories/VMSA-2021-0010.html
