Cato Networks Knowledge Base

CVE-2021-21972 VMware vCenter RCE


Overview

On February 23, 2021, VMware released a security advisory (VMSA-2021-0002) to address two vulnerabilities in vCenter Server, as well as a vulnerability in the VMware ESXi hypervisor.

 

CVE              Affected Product   CVSSv3
CVE-2021-21972   vCenter Server     9.8
CVE-2021-21973   vCenter Server     5.3
CVE-2021-21974   ESXi               8.8

Impact

The most notable vulnerability disclosed as part of this advisory is CVE-2021-21972. 

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
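
For inventory triage against the version ranges above, the following added example (not Cato or VMware code) compares release labels with the first fixed release on each branch. The label format, the `vcenter`/`vcf` product keys and the sample hostnames are assumptions made for this example.

```python
import re

# First fixed release per branch, taken from the version ranges in the text above.
FIXED = {
    ("vcenter", (7,)): "7.0 U1c",
    ("vcenter", (6, 7)): "6.7 U3l",
    ("vcenter", (6, 5)): "6.5 U3n",
    ("vcf", (4,)): "4.2",
    ("vcf", (3,)): "3.10.1.2",
}
# Assumed label format: dotted numbers, optionally followed by "U<n><letter>".
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:\s*U(\d+)([a-z]?))?$", re.IGNORECASE)


def sort_key(product, version):
    """Turn a release label into a tuple that orders releases correctly."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version label: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    if product == "vcenter" and len(nums) != 2:
        # Build-style strings are rejected rather than guessed at.
        raise ValueError(f"expected a label like '6.7 U3l', got {version!r}")
    return nums, int(m.group(2) or 0), (m.group(3) or "").lower()


def is_affected(product, version):
    """True/False per the ranges above; None if the branch is not listed there."""
    key = sort_key(product, version)
    nums = key[0]
    branch = nums[:1] if (product == "vcf" or nums[0] == 7) else nums[:2]
    fixed = FIXED.get((product, branch))
    if fixed is None:
        return None
    return key < sort_key(product, fixed)


def triage(inventory):
    """Return hostnames whose recorded release falls inside an affected range."""
    return [host for host, product, ver in inventory if is_affected(product, ver)]


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = [
    ("vc-lab-01", "vcenter", "6.7 U3"),
    ("vc-prod-01", "vcenter", "7.0 U1c"),
    ("vc-dr-01", "vcenter", "6.5 U3n"),
    ("vcf-mgmt", "vcf", "3.10.1.1"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Branches that the text above does not list return `None` and are left out of the triage result, so they need a separate check.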

Resolution

To protect our customers, Cato has globally deployed a set of Intrusion Prevention System (IPS) signatures to mitigate this vulnerability. If you have the Cato IPS enabled, you are protected from this exploit with no user interaction (or patching) required.

 

When traffic that fits the CVE-2021-21972 signature profile is identified, it is blocked and a record of evidence is generated in the Events Discovery window of the Cato Management Application.

 
