VMware vCenter Server Vulnerabilities

Released: Jul 22, 2021


High Severity

VMware Vendor

Vulnerability Type

VMware vCenter Server remote code execution and authentication vulnerabilities.

VMware’s virtualization management platform, vCenter Server, has a critical-severity bug that the company is urging customers to patch “as soon as possible” (https://threatpost.com/vmware-ransomware-alarm-critical-bug/166501/). Admins responsible for vCenter machines that have yet to patch CVE-2021-21985 should install the update immediately if possible.

Common Vulnerabilities and Exposures

CVE-2021-21985
CVE-2021-21986

Background

The vSphere Client (HTML5) contains remote code execution vulnerabilities (CVE-2021-21985, CVE-2021-21986) due to a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. VMware has evaluated the severity of this issue to be in the Critical severity range, with a maximum CVSSv3 base score of 9.8. Threat actors are actively scanning for Internet-exposed and unpatched VMware vCenter servers. Security researchers have also developed and published proof-of-concept (PoC) RCE exploit code targeting this critical VMware vCenter bug, tracked as CVE-2021-21985.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


Full details are available from VMware's announcement at https://www.vmware.com/security/advisories/VMSA-2021-0010.html

Nmap script to identify the vulnerability: https://github.com/alt3kx/CVE-2021-21985_PoC/blob/main/CVE-2021-21985.nse


April 27, 2022: Added to CISA, 2021 Top Routinely Exploited Vulnerabilities

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
DETECT
RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.



Indicators of compromise
IOC Indicator List
Indicator Type Status
109.237.96.124 ip Active
195.19.192.26 ip Active
62.76.41.46 ip Active
82.114.253.13 ip Active
89.223.91.225 ip Active