Event Summary
VMware has released a critical advisory covering multiple vulnerabilities in vCenter Server as deployed in its default configuration. The issue described here affects the vSphere Client (HTML5) and carries a CVSS base score of 9.8 out of 10.
Details – CVE-2021-21985
The vSphere Client (HTML5) contains a remote code execution vulnerability caused by a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server.
Affected Versions:
vCenter Server versions 7.0, 6.7 and 6.5
Impacted product suites that deploy the affected components (Response Matrix 3a in the VMware advisory):
Cloud Foundation versions 4.x and 3.x
Recommendations
VMware has released patches that fix this vulnerability, with a separate patch for each affected vCenter Server version: 7.0, 6.7 and 6.5.
If patching cannot be done immediately, VMware has published a workaround (the KB article listed under Sources) that explains how to disable the affected VMware plug-ins on vCenter Server.
Patching immediately is strongly recommended; where that is not possible, apply the workaround until the patch can be installed.
SOD Actions
The Security On-Demand Threat Recon Unit will continue to monitor this event and will provide critical updates as new information becomes available. Patching these vulnerabilities is of paramount importance and should be done immediately if regular patching has not already been applied. SOD continues to provide a monthly list of managed device vulnerabilities in order to identify key vulnerabilities prior to exploitation. Please contact us if you have any questions.
Sources
https://kb.vmware.com/s/article/83829 (Workaround instructions)
https://www.vmware.com/security/advisories/VMSA-2021-0010.html