Service Updates

07/06/2021

VMWare – vCenter Server remote code execution – CVE-2021-21985

The following Advisory has been published:

CVE-2021-21985 – Critical 9.8: VMware vCenter Server remote code execution

Summary:

VMware has issued patches for a Remote Code Execution (RCE) vulnerability in vCenter Server (CVE-2021-21985), with a CVSSv3 score of 9.8 (Critical). To exploit this vulnerability, an attacker would need to be able to access vCenter Server over port 443. Even if an organization has not exposed vCenter Server externally, attackers can still exploit this flaw once inside a network. VMware have identified that ransomware groups could exploit this flaw once within the network. Successful exploitation would give an attacker the ability to execute arbitrary commands on the underlying vCenter host.

Proof of concept code is also now available for this vulnerability, with reporting of scanning by threat actors over the weekend.

Jisc will be carrying out Janet wide discovery scans for vCenter servers exposed to the internet with this issues.

Vulnerable versions:

  • 7.0 prior to 7.0 U2b
  • 6.7 prior to 6.7 U3n
  • 6.5 prior to 6.5 U3p

Recommendation(s):

Defenders are strongly advised to ensure that:

  • vCenter is not internet accessible,
  • they have patched this critical issue, and
  • robust patching and validation processes are in place around these, and other, critical systems.

Full details and references:

This alert has also been posted on CISP https://share.cisp.org.uk/groups/academia/blog/2021/06/07/security-advisory-critical-vmware-vcenter-server-remote-code-execution-cve-2021-21985.

CVVS 3.1:

Base score: 9.8 (Critical)

Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Recipients are encouraged to calculate the Environmental Score for each of their affected systems, to aid with prioritisation, a calculator is available at https://www.first.org/cvss/calculator/3.0

If you have any questions or concerns about this advisory, please contact the team on support@empsn.org.uk

Related Posts

01/03/2024
P1 Incident Resolved – *16 Sites* Impacted across the emPSN Estate – INC02982536

Update 01/03/2024 06:45: Nasstar has resolved the P1 Issue and continues to contact individual sites to ensure services have been restored. Fault Resolution: Faulty fibre within Nasstar Core Network

Service Updates
19/04/2023
emPSN Core Internet Upgrade

In early May, we are upgrading our current Janet Internet Connections from 20Gb to 40Gb, doubling internet capacity allowing for future growth as our schools continue to demand higher bandwidth to meet the Department of… More »

Service Updates
21/02/2023
Planned Works – emPSN Firewall Replacement

What are we doing emPSN plan to replace their existing core firewalls on 04/04/2023 from 18:00. The planned works will take around 4 hours and over this period there will be disruption to all of… More »

Service Updates

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners