VMware vCenter Server remote code execution and authentication vulnerabilities.
VMware’s virtualization management platform, vCenter Server, has a critical severity bug the company is urging customers to patch “as soon as possible”. https://threatpost.com/vmware-ransomware-alarm-critical-bug/166501/ Admins responsible for vCenter machines that have yet to patch CVE-2021-21985 should install the update immediately if possible.
Common Vulnerabilities and Exposures
Background
The vSphere Client (HTML5) contains remote code execution vulnerabilities (CVE-2021-21985, CVE-2021-21986) due to a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. VMware has evaluated the severity of this issue to be in the Critical severity range, with a maximum CVSSv3 base score of 9.8. Threat actors are actively scanning for Internet-exposed, unpatched VMware vCenter servers. Security researchers have also developed and published proof-of-concept (PoC) RCE exploit code targeting this critical VMware vCenter bug, tracked as CVE-2021-21985.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
Full details are available from VMware's announcement at https://www.vmware.com/security/advisories/VMSA-2021-0010.html. Nmap script to identify the vulnerability: https://github.com/alt3kx/CVE-2021-21985_PoC/blob/main/CVE-2021-21985.nse
April 27, 2022: Added to CISA, 2021 Top Routinely Exploited Vulnerabilities
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Vulnerability
- IPS
- Outbreak Detection
- Threat Hunting
- Assisted Response Services
- Automated Response
- NOC/SOC Training
- End-User Training
- Attack Surface Hardening
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.