VMware Issues Patches for Vulnerabilities (CVE-2021-21985, CVE-2021-21986)

Overview

VMware has issued patches and workarounds for two critical vulnerabilities (CVE-2021-21985, CVE-2021-21986) that exist on vSphere Client (HTML5). The first vulnerability is of Remote Code Execution (RCE) type with a CVSS rating of 9.8, and the second vulnerability is of Authentication Bypass type with a CVSS rating of 9.8.

Description

The first vulnerability (CVE-2021-21985) is a Remote Code Execution (RCE) vulnerability that exist in the VMware vSphere Client (HTML5). The vulnerability stems from a lack of input validation in the Virtual SAN Health Check plug-in that comes enabled by default in vCenter Server. Due to the vulnerability, attackers with network access to port 443 could execute arbitrary command with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Impact

An attacker with network access to port 443 could execute arbitrary command with unrestricted privileges on the underlying operating system that hosts vCenter Server.

An attacker with network access to port 443 can gain full access on the impacted plugins without authentication.

Solution (Update/Workaround)

To defend against possible attacks due to the announced vulnerabilities, affected VMware products need to be updated or the mitigation measures should be applied in line with the VMware Advisory (VMSA-2021-0010).

As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace.

Newton Lee

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.

References to Advisories, Solutions and Tools

• VMware Advisory (VMSA-2021-0010)
• VMware vSphere Blog (VMSA-2021-0010: What You Need to Know)
• https://nvd.nist.gov (CVE-2021-21985)
• https://nvd.nist.gov (CVE-2021-21976)

To learn more about security vulnerabilities, you could also read our articles What is a Security Vulnerability? or What is Vulnerability Scanning?