
VMware vCenter vulnerability

· frtg · 2 min read

A Remote Command Execution vulnerability has been identified in VMware vCenter products. The vulnerability has been assigned a CVSS score of 9.8 (official advisory). CVEs: CVE-2021-21985, CVE-2021-21986.

The vulnerability allows a threat actor to reach a vulnerable server and execute privileged commands, leading to system compromise.

Vulnerable Systems

vCenter Server systems are frequently deployed within enterprise networks. When a vulnerable system sits inside the perimeter, exposure is limited to internal access vectors.

The criticality of this vulnerability stems from the possibility that a threat actor with network access to port 443 can gain access to the VMware server.

Systems potentially exposed on public networks can be identified. In Italy, approximately 143 systems are potentially vulnerable; globally, the figure is approximately 5 000. Security patches must be applied; to mitigate risk in the meantime, restricting access from the internet is recommended.

Vulnerability Details

Overview:

The vSphere Client (HTML5) contains a Remote Code Execution vulnerability due to insufficient input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. Exploitation corresponds to MITRE ATT&CK technique T1190 (Exploit Public-Facing Application). Organizations implementing Cybersecurity Advisory protocols should prioritize patching this exposure.

Exploitation Method:

A threat actor with network access to port 443 can exploit this vulnerability to execute commands on the vCenter Server.

Vulnerable Systems Detail:
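
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| vCenter Server | 7.0 | Any | CVE-2021-21985 | 9.8 | Critical | 7.0 U2b | KB83829 | FAQ |
| vCenter Server | 6.7 | Any | CVE-2021-21985 | 9.8 | Critical | 6.7 U3n | KB83829 | FAQ |
| vCenter Server | 6.5 | Any | CVE-2021-21985 | 9.8 | Critical | 6.5 U3p | KB83829 | FAQ |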
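
A patch-triage check built from the fixed versions in the table above, as an added example that is not part of the original advisory or any VMware tooling. It assumes inventory records carry release labels in the table's style (for example `7.0 U2a`) and that labels order by update number, then letter suffix; the host names and inventory are constructed.

```python
import re

# Fixed releases for CVE-2021-21985, copied from the table above.
FIXED = {"7.0": "U2b", "6.7": "U3n", "6.5": "U3p"}

# Assumed label style: "<major.minor>", optionally followed by "GA" or "U<n>[letter]".
_LABEL = re.compile(r"^\s*(\d+\.\d+)(?:\s+(GA|U(\d+)([a-z]?)))?\s*$", re.I)


def parse_release(text):
    """Return (version_line, (update, letter)), or None if the label is malformed."""
    m = _LABEL.match(text)
    if m is None:
        return None
    line, label, num, letter = m.groups()
    if label is None or label.upper() == "GA":
        return line, (0, "")  # base release, no update applied
    return line, (int(num), letter.lower())


def triage(release):
    """Classify a release label as 'patched', 'vulnerable' or 'review'."""
    parsed = parse_release(release)
    if parsed is None or parsed[0] not in FIXED:
        return "review"  # unparseable, or a version line the table does not cover
    line, level = parsed
    _, fixed_level = parse_release(f"{line} {FIXED[line]}")
    # Assumption: releases order by update number, then letter ("" sorts before "a").
    return "patched" if level >= fixed_level else "vulnerable"


# Constructed inventory: host names and recorded releases are illustrative only.
INVENTORY = {
    "vc-prod-01": "7.0 U2a",
    "vc-lab-02": "6.7 U3n",
    "vc-dr-03": "6.5 U3k",
    "vc-old-04": "6.0 U3j",
    "vc-new-05": "7.0 U3",
    "vc-unk-06": "build 17694817",
}

if __name__ == "__main__":
    for host, release in INVENTORY.items():
        print(f"{host:12} {release:16} {triage(release)}")
```

Entries marked `review` need a manual check against the official advisory, since the table covers only the 7.0, 6.7 and 6.5 lines and only CVE-2021-21985.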