On February 23, 2021, VMware released a security advisory (VMSA-2021-0002) to address two vulnerabilities in vCenter Server, as well as a vulnerability in the VMware ESXi hypervisor.
The most notable vulnerability disclosed as part of this advisory is CVE-2021-21972.
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 22.214.171.124).
To protect our customers, Cato has globally deployed a set of Intrusion Prevention System (IPS) signatures to mitigate this vulnerability. If you have the Cato IPS enabled, you are protected from this exploit with no user interaction (or patching) required.
If malicious traffic matching the CVE-2021-21972 signature profile is identified, the traffic is blocked and a record of evidence is generated in the Events Discovery window of the Cato Management Application.