07/06/2021

VMware – vCenter Server remote code execution – CVE-2021-21985

The following Advisory has been published:

CVE-2021-21985 – Critical 9.8: VMware vCenter Server remote code execution

Summary:

VMware has issued patches for a Remote Code Execution (RCE) vulnerability in vCenter Server (CVE-2021-21985), with a CVSSv3 score of 9.8 (Critical). To exploit this vulnerability, an attacker would need to be able to access vCenter Server over port 443. Even if an organization has not exposed vCenter Server externally, attackers can still exploit this flaw once inside a network. VMware have identified that ransomware groups could exploit this flaw once within the network. Successful exploitation would give an attacker the ability to execute arbitrary commands on the underlying vCenter host.

Proof-of-concept code is now publicly available for this vulnerability, and scanning by threat actors was reported over the weekend.

Jisc will be carrying out Janet-wide discovery scans for vCenter servers that are exposed to the internet and affected by this issue.

Vulnerable versions:

  • 7.0 prior to 7.0 U2b
  • 6.7 prior to 6.7 U3n
  • 6.5 prior to 6.5 U3p
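To apply the version thresholds above to a host inventory, the following is an added Python triage helper; it is not part of this advisory or of VMware's tooling. It assumes versions are recorded in the advisory's own notation (for example "7.0 U2a"), and the hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed updates as stated in the advisory: a build on one of these release
# lines is unpatched if it is older than the listed update.
FIXED_UPDATES = {"7.0": "U2b", "6.7": "U3n", "6.5": "U3p"}

# Accepts the advisory's own notation: "<line> [U<number>[<letter>]]".
_VERSION_RE = re.compile(r"^\s*(\d+\.\d+)(?:\s*U(\d+)([a-z])?)?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[str, int, int]:
    """Split '6.7 U3n' into (line, update number, letter rank).
    A GA release with no update ranks as 0; 'U3' < 'U3a' < 'U3b' and so on."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    line, update, letter = m.groups()
    update_num = int(update) if update else 0
    letter_rank = ord(letter.lower()) - ord("a") + 1 if letter else 0
    return line, update_num, letter_rank


def is_vulnerable(text: str) -> Optional[bool]:
    """True if older than the fix on an affected line, False if at or past it,
    None if the release line is not covered by the advisory at all."""
    line, upd, letter = parse_version(text)
    fixed = FIXED_UPDATES.get(line)
    if fixed is None:
        return None
    _, fixed_upd, fixed_letter = parse_version(f"{line} {fixed}")
    return (upd, letter) < (fixed_upd, fixed_letter)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket {hostname: version} into unpatched / patched / not_covered."""
    report: Dict[str, List[str]] = {"unpatched": [], "patched": [], "not_covered": []}
    for host, version in sorted(inventory.items()):
        verdict = is_vulnerable(version)
        bucket = "not_covered" if verdict is None else ("unpatched" if verdict else "patched")
        report[bucket].append(host)
    return report


# Constructed sample inventory: hypothetical hostnames and versions, not real data.
SAMPLE_INVENTORY = {"vcsa-prod-01": "7.0 U2a", "vcsa-prod-02": "7.0 U2b",
                    "vcsa-lab": "6.7 U3", "vcsa-dr": "6.5 U3p", "vcsa-legacy": "6.0 U3"}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Versions reported by the appliance itself (a dotted version plus build number) must first be mapped to the update label VMware documents for that build; the helper rejects strings it cannot parse rather than guessing.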

Recommendation(s):

Defenders are strongly advised to ensure that:

  • vCenter is not internet accessible,
  • they have patched this critical issue, and
  • robust patching and validation processes are in place around these, and other, critical systems.

Full details and references:

This alert has also been posted on CISP https://share.cisp.org.uk/groups/academia/blog/2021/06/07/security-advisory-critical-vmware-vcenter-server-remote-code-execution-cve-2021-21985.

CVSS 3.1:

Base score: 9.8 (Critical)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Recipients are encouraged to calculate the Environmental Score for each of their affected systems to aid prioritisation; a calculator is available at https://www.first.org/cvss/calculator/3.0

If you have any questions or concerns about this advisory, please contact the team on support@empsn.org.uk
