VMware issued a security advisory on February 23rd for multiple vulnerabilities, including CVE-2021-21972, an unauthenticated remote code execution (RCE) vulnerability in VMware vCenter. The flaw was found by Mikhail Klyuchnikov of Positive Technologies. Few details about the vulnerability are being released until administrators have had time to update. According to the security advisory, the issue lies within the HTML5 client for a vCenter Server plugin. Anyone with access to port 443 on the server can issue commands to the host system with “unrestricted privileges”. VMware has given this vulnerability a CVSSv3 score of 9.8 out of 10, a Critical severity rating. As of this writing, over 6,700 vCenter servers could be found that were accessible directly from the Internet.