VMware Issues Patches for Vulnerabilities (CVE-2021-21985, CVE-2021-21986)

VMware has issued patches and workarounds for two critical vulnerabilities (CVE-2021-21985, CVE-2021-21986) in the vSphere Client (HTML5).

Overview

VMware has issued patches and workarounds for two critical vulnerabilities (CVE-2021-21985, CVE-2021-21986) in the vSphere Client (HTML5). The first is a Remote Code Execution (RCE) vulnerability with a CVSS rating of 9.8, and the second is an Authentication Bypass vulnerability with a CVSS rating of 9.8.

Description

The first vulnerability (CVE-2021-21985) is a Remote Code Execution (RCE) vulnerability that exists in the VMware vSphere Client (HTML5). It stems from a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. As a result, attackers with network access to port 443 could execute arbitrary commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

The second vulnerability (CVE-2021-21986) also exists in the VMware vSphere Client (HTML5) and is an Authentication Bypass vulnerability. Specifically, the flaw is in the vSphere authentication mechanism and affects the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. As a result, attackers with network access to port 443 can gain full access to the impacted plug-ins without authentication.

The specific product versions affected by the vulnerabilities are vCenter Server 6.5, 6.7, 7.0 and Cloud Foundation (vCenter Server) 3.x and 4.x.

Impact

An attacker with network access to port 443 could execute arbitrary commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Impact Summary (CVE-2021-21985)

Category: Remote Code Execution (RCE)
CVSS 3.1 Base Score: 9.8 Critical
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An attacker with network access to port 443 can gain full access to the impacted plug-ins without authentication.

Impact Summary (CVE-2021-21986)

Category: Authentication Bypass
CVSS 3.1 Base Score: 9.8 Critical
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Solution (Update/Workaround)

To defend against possible attacks that exploit these vulnerabilities, update the affected VMware products or apply the mitigation measures in line with the VMware Advisory (VMSA-2021-0010).
