VMware Remote Code Execution Vulnerability - CVE-2021-21972, CVE-2021-21973 and CVE-2021-21974

Published: Feb 25, 2021 19:41


Advisory No: TZCERT/SA/2021/02/25

Date of First Release: 25th February 2021

Source: VMware

Software Affected:

  • VMware vCenter Server versions 6.5, 6.7 and 7.0
  • VMware ESXi versions 6.5, 6.7 and 7.0
  • VMware Cloud Foundation (vCenter Server) versions 3.x and 4.x
  • VMware Cloud Foundation (ESXi) versions 3.x and 4.x

Overview:

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin that could allow an unauthenticated, remote attacker to execute arbitrary code remotely.

Description:

The vulnerability allows unauthorized clients to upload files to the targeted server without authentication, which can lead to remote code execution, and to make the server send requests on their behalf (server-side request forgery, SSRF).

Impact:

Successful exploitation of the vulnerability could allow an unprivileged user to gain access to the system.

Solution:

VMware has issued both workarounds and security updates for the affected products. Users and administrators are advised to apply the necessary updates, or to perform the published workarounds as a temporary measure where updating is not immediately possible.

References:

  1. https://www.vmware.com/security/advisories/VMSA-2021-0002.html
