Multiple Vulnerabilities on VMware Products – Including a RCE (CVE-2021-21972)

Multiple vulnerabilities, two Remote Code Execution (CVE-2021-21972, CVE-2021-21974) and one Server Side Request Forgery (CVE-2021-21973), that affect VMware ESXi, vCenter Server and Cloud Foundation have been reported by VMware.

Overview

Multiple vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974) that affect VMware ESXi, vCenter Server and Cloud Foundation have been reported by VMware. Two of the vulnerabilities are critical with CVSS ratings of 9.8 and 8.8, and a third vulnerability has a medium CVSS rating of 5.3.

Description

The first vulnerability (CVE-2021-21972) is a Remote Code Execution (RCE) vulnerability that exists in the VMware vSphere Client. Due to the vulnerability, attackers with network access to port 443 could execute arbitrary commands with unrestricted privileges on the underlying operating system.

The second vulnerability (CVE-2021-21974) is also an RCE vulnerability; it stems from a heap-based buffer overflow bug in VMware ESXi. Attackers who have access to the same network segment (Adjacent Network, in the parlance of CVSS) as ESXi and to port 427 could exploit the vulnerability to take full control of the system.

The last vulnerability (CVE-2021-21973) is an SSRF (Server Side Request Forgery) vulnerability that exists in the VMware vSphere Client. The vulnerability stems from improper validation of URLs in the vCenter Server. Attackers with network access to port 443 could exploit this vulnerability to cause information disclosure.

Impact

An attacker with network access to port 443 could execute arbitrary commands with unrestricted privileges on the underlying operating system.

Impact Summary (CVE-2021-21972)

Category: Remote Code Execution (RCE)
CVSS 3.1 Base Score: 9.8 Critical
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An attacker on the same network segment as ESXi who has access to port 427 could cause a buffer overflow and run arbitrary code on the target system, leading to a full take-over of the system.

Impact Summary (CVE-2021-21974)

Category: Remote Code Execution (RCE)
CVSS 3.1 Base Score: 8.8 High
CVSS 3.1 Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An attacker with network access to port 443 could exploit this vulnerability to cause information disclosure.

Impact Summary (CVE-2021-21973)

Category: Server Side Request Forgery (SSRF)
CVSS 3.1 Base Score: 5.3 Medium
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Solution (Update/Workaround)

To defend against possible attacks due to the announced vulnerabilities, affected VMware products need to be updated or the mitigation measures should be applied in line with the VMware Advisory.

Quote by Theo De Raadt

You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can’t write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.

Theo De Raadt

References to Advisories, Solutions and Tools
