{"id":2593,"date":"2021-06-07T10:07:38","date_gmt":"2021-06-07T08:07:38","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=2593"},"modified":"2026-06-08T23:08:19","modified_gmt":"2026-06-08T23:08:19","slug":"vmware-vcenter-vulnerability","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/emerging-threats\/vmware-vcenter-vulnerability\/","title":{"rendered":"VMware vCenter vulnerability"},"content":{"rendered":"\n<p style=\"text-align: justify\">A Remote Command Execution vulnerability has been identified in VMware vCenter products. The vulnerability has been assigned a CVSS score of 9.8 (<a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0010.html?irclickid=UaYwS1QFuxyLUTH0WlXSvXJOUkBwSER5F2lmyE0&amp;utm_source=affiliate&amp;utm_medium=ONLINE_TRACKING_LINK_&amp;utm_campaign=Online%20Tracking%20Link&amp;utm_term=Network_Skimbit%20Ltd.&amp;irgwc=1\" class=\"ek-link\">official advisory<\/a>). CVE: 2021-21985, 2021-21986<\/p>\n<p style=\"text-align: justify\">The vulnerability permits potential threat actors to access vulnerable servers and execute privileged commands for system compromise.<\/p>\n\n\n\n<div class=\"wp-block-group alignwide\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<h2 class=\"has-text-align-center wp-block-heading\">Vulnerable Systems<\/h2>\n\n\n\n<div class=\"wp-block-media-text alignwide\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/06\/image-8.png\" alt=\"\" class=\"wp-image-2599\" loading=\"lazy\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p style=\"text-align: justify\">vCenter Server systems are products frequently deployed within enterprise networks. 
When a vulnerable vCenter Server sits inside the perimeter, exposure is limited to internal access vectors only.<\/p>\n<p>The criticality of this vulnerability stems from the possibility that a threat actor with network access to port 443 can gain access to the VMware server.<\/p>\n\n\n\n<p style=\"text-align: justify\">Systems potentially exposed on public networks can be identified. In <strong>Italy, approximately 143<\/strong> systems are potentially vulnerable. Globally, the figure is <strong>approximately 5 000<\/strong>. Security patches must be applied; to mitigate risk, restricting access from the internet is recommended.<\/p>\n<\/div><\/div>\n<\/div><\/div>\n\n\n\n<h2 class=\"has-text-align-center wp-block-heading\">Vulnerability Details<\/h2>\n\n\n\n<h5 class=\"wp-block-heading\">Overview:<\/h5>\n\n\n\n<p style=\"text-align: justify\">The vSphere client (HTML5) contains a Remote Code Execution vulnerability due to insufficient input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. This flaw can be exploited through T1190 (Exploit Public-Facing Application) attack vectors. 
Organizations implementing <a href=\"https:\/\/fortgale.com\/en\/cybersecurity-advisory\/\">Cybersecurity Advisory<\/a> protocols should prioritize patching this exposure.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Exploitation Method:<\/h5>\n\n\n\n<p style=\"text-align: justify\">A threat actor with network access to port 443 can exploit this vulnerability to execute commands on the vCenter Server.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Vulnerable Systems Detail:<\/h5>\n\n\n\n<figure class=\"wp-block-table alignwide\"><table class=\"\"><tbody><tr><td>Product<\/td><td>Version<\/td><td>Running On<\/td><td>CVE Identifier<\/td><td>CVSSv3<\/td><td>Severity<\/td><td>Fixed Version<\/td><td>Workarounds<\/td><td>Additional Documentation<\/td><\/tr><tr><td>vCenter Server<\/td><td>7.0<\/td><td>Any<\/td><td>CVE-2021-21985<\/td><td><a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\" target=\"_blank\" rel=\"noreferrer noopener\">9.8<\/a><\/td><td>Critical&nbsp;<\/td><td><a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/7.0\/rn\/vsphere-vcenter-server-70u2b-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener\">7.0 U2b<\/a><\/td><td><a href=\"https:\/\/kb.vmware.com\/s\/article\/83829\" target=\"_blank\" rel=\"noreferrer noopener\">KB83829<\/a><\/td><td><a href=\"https:\/\/via.vmw.com\/vmsa-2021-0010-faq\" target=\"_blank\" rel=\"noreferrer noopener\">FAQ<\/a><\/td><\/tr><tr><td>vCenter Server<\/td><td>6.7<\/td><td>Any<\/td><td>CVE-2021-21985<\/td><td><a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\" target=\"_blank\" rel=\"noreferrer noopener\">9.8<\/a><\/td><td>Critical&nbsp;<\/td><td><a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/6.7\/rn\/vsphere-vcenter-server-67u3n-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener\">6.7 U3n<\/a><\/td><td><a href=\"https:\/\/kb.vmware.com\/s\/article\/83829\" 
target=\"_blank\" rel=\"noreferrer noopener\">KB83829<\/a><\/td><td><a href=\"https:\/\/via.vmw.com\/vmsa-2021-0010-faq\" target=\"_blank\" rel=\"noreferrer noopener\">FAQ<\/a><\/td><\/tr><tr><td>vCenter Server<\/td><td>6.5<\/td><td>Any<\/td><td>CVE-2021-21985<\/td><td><a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\" target=\"_blank\" rel=\"noreferrer noopener\">9.8<\/a><\/td><td>Critical&nbsp;<\/td><td><a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/6.5\/rn\/vsphere-vcenter-server-65u3p-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener\">6.5 U3p<\/a><\/td><td><a href=\"https:\/\/kb.vmware.com\/s\/article\/83829\" target=\"_blank\" rel=\"noreferrer noopener\">KB83829<\/a><\/td><td><a href=\"https:\/\/via.vmw.com\/vmsa-2021-0010-faq\" target=\"_blank\" rel=\"noreferrer noopener\">FAQ<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>VMware vCenter critical vulnerability: unauthenticated RCE primitives, exposure metrics, exploitation evidence and remediation steps for affected 
estates.<\/p>\n","protected":false},"author":1,"featured_media":2599,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[14,15,87,3295,89,3296,264,287,310,316,3268,372,378,3294],"class_list":["post-2593","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emerging-threats","tag-2021-21985","tag-2021-21986","tag-critical","tag-critical-cve","tag-cve","tag-hypervisor-management","tag-patch","tag-rce","tag-server","tag-shodan","tag-unauthenticated-rce","tag-vcenter","tag-vmware","tag-vmware-vcenter"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=2593"}],"version-history":[{"count":1,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2593\/revisions"}],"predecessor-version":[{"id":9905,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2593\/revisions\/9905"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=2593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=2593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=2593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}