Multiple Vulnerabilities in VMware vCenter Server Could Allow for Remote Code Execution
MS-ISAC ADVISORY NUMBER: 2021-072 - UPDATED
DATE(S) ISSUED: 05/26/2021; 06/04/2021 - UPDATED
OVERVIEW: Multiple vulnerabilities have been discovered in VMware vCenter Server, the most severe of which could allow for remote code execution. VMware vCenter Server is a centralized management utility for VMware environments, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. Successful exploitation of these vulnerabilities could allow an attacker to execute remote code in the context of the user running the application.
THREAT INTELLIGENCE: There are currently no reports of these vulnerabilities being exploited in the wild.
June 4 - UPDATED THREAT INTELLIGENCE: Threat intelligence firm Bad Packets has reported that hackers are actively scanning the Internet for VMware vCenter servers vulnerable to a critical RCE flaw recently fixed by VMware.
SYSTEMS AFFECTED:
- VMware vCenter Server versions 6.5, 6.7, 7.0
RISK:
Government:
- Large and medium government entities: HIGH
- Small government entities: MEDIUM
Businesses:
- Large and medium business entities: HIGH
- Small business entities: MEDIUM
TECHNICAL SUMMARY: Multiple vulnerabilities have been discovered in VMware vCenter Server, which could result in remote code execution. Details of these vulnerabilities are as follows:
- A remote code execution vulnerability in vCenter Server which enables a malicious actor to execute commands with unrestricted privileges. (CVE-2021-21985)
- An authentication mechanism issue in vCenter Server Plug-ins which enables a malicious actor to perform unauthorized actions. (CVE-2021-21086)
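The first practical step behind the advisory's patching recommendation is knowing which vCenter appliances sit in the affected 6.5, 6.7 and 7.0 lines and which of those are still below VMware's fixed build. The script below is an added example, not MS-ISAC or VMware code. It triages a constructed inventory (the host names and build numbers are placeholders, not real vCenter builds) and leaves the per-line minimum fixed build as a table the operator fills in from VMware's own advisory, since this page does not state those builds. The `fetch_vcenter_version` helper assumes two vCenter appliance REST endpoints, `POST /rest/com/vmware/cis/session` and `GET /rest/appliance/system/version`, and the `vmware-api-session-id` header; those are assumptions about the product's API, not something this advisory documents.

```python
"""Triage a vCenter Server inventory against the version lines this advisory
lists as affected (6.5, 6.7, 7.0). Added example; not MS-ISAC or VMware code."""
import base64
import json
import ssl
import urllib.request

# Version lines named under SYSTEMS AFFECTED in the advisory.
AFFECTED_LINES = ("6.5", "6.7", "7.0")

# Constructed inventory for a stand-alone run. Names and build numbers are
# placeholders, not real vCenter hosts or builds.
SAMPLE_INVENTORY = [
    {"name": "vcenter-a.example.test", "version": "7.0.2.00100", "build": 2000},
    {"name": "vcenter-b.example.test", "version": "6.7.0.48000", "build": 500},
    {"name": "vcenter-c.example.test", "version": "6.5.0.30000", "build": 10},
    {"name": "vcenter-d.example.test", "version": "8.0.0.10000", "build": 1},
]

# PLACEHOLDER minimum fixed builds per line; take the real values from VMware's
# advisory for these CVEs. 6.5 is deliberately left out to show the "REVIEW"
# path for a line the operator has not yet filled in.
PLACEHOLDER_FIXED_BUILDS = {"7.0": 1500, "6.7": 900}


def parse_version(version):
    """Split '7.0.2.00100' into (7, 0, 2, 100); reject anything non-numeric."""
    parts = []
    for piece in version.strip().split("."):
        if not piece.isdigit():
            raise ValueError(f"unexpected version component {piece!r} in {version!r}")
        parts.append(int(piece))
    if len(parts) < 2:
        raise ValueError(f"version {version!r} has no major.minor")
    return tuple(parts)


def version_line(version):
    """Reduce a full version to the 'major.minor' line the advisory refers to."""
    major, minor = parse_version(version)[:2]
    return f"{major}.{minor}"


def classify(entry, fixed_builds):
    """Return PATCHED / VULNERABLE / REVIEW / NOT_LISTED for one inventory entry."""
    line = version_line(entry["version"])
    if line not in AFFECTED_LINES:
        return "NOT_LISTED"
    if line not in fixed_builds:
        return "REVIEW"  # affected line, but no fixed build recorded yet
    return "PATCHED" if int(entry["build"]) >= fixed_builds[line] else "VULNERABLE"


def triage(inventory, fixed_builds):
    """Map each host name to its status so the VULNERABLE set can be patched first."""
    return {entry["name"]: classify(entry, fixed_builds) for entry in inventory}


def fetch_vcenter_version(host, username, password, verify_tls=True):
    """Read version and build from a live appliance into an inventory entry.

    Assumption (not from the advisory): the vCenter REST endpoints
    POST /rest/com/vmware/cis/session (basic auth, returns a session id) and
    GET /rest/appliance/system/version (header vmware-api-session-id).
    Only disable TLS verification for a lab appliance with a self-signed cert.
    """
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{host}/rest/com/vmware/cis/session", method="POST",
        headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        session_id = json.load(resp)["value"]
    req = urllib.request.Request(
        f"https://{host}/rest/appliance/system/version",
        headers={"vmware-api-session-id": session_id})
    with urllib.request.urlopen(req, context=ctx) as resp:
        info = json.load(resp)["value"]
    return {"name": host, "version": info["version"], "build": int(info["build"])}


if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY, PLACEHOLDER_FIXED_BUILDS).items():
        print(f"{status:<11} {name}")
```

Running the block as-is prints one status per constructed host. In practice, replace `SAMPLE_INVENTORY` with a list built from `fetch_vcenter_version` calls against each appliance and fill `PLACEHOLDER_FIXED_BUILDS` from VMware's advisory; anything that comes back `VULNERABLE` is the set to patch first, and `REVIEW` flags a line whose fixed build has not been entered yet rather than silently passing it.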
RECOMMENDATIONS: We recommend the following actions be taken:
- Apply appropriate updates provided by VMware to vulnerable systems immediately after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
- Apply the Principle of Least Privilege to all systems and services.