VMware has patched multiple vulnerabilities, including one Critical-severity flaw (CVE-2021-21972) in vCenter Server that is reachable on thousands of internet-exposed servers.
In total, VMware patched three vulnerabilities in its ESXi and vCenter Server products in security advisory VMSA-2021-0002, issued on February 23, 2021.
Servers exposed to CVE-2021-21972
The first patch addresses CVE-2021-21972, a remote code execution vulnerability in a vCenter Server plugin shipped with the vSphere Client (HTML5).
“A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server,” VMware wrote in the advisory.
Of special note, security researchers have already observed active scanning for internet-facing servers vulnerable to CVE-2021-21972.
According to a tweet sent out Wednesday, Bad Packets detected “mass scanning” targeting VMware vCenter servers.
To make matters worse, several researchers have also published proof-of-concept (PoC) exploit code, which attackers may already be using to speed up attacks against internet-exposed vCenter systems.
The vulnerability carries a CVSSv3 base score of 9.8 (Critical) and affects vCenter Server versions 6.5, 6.7 and 7.0.
VMware also patched a heap-overflow vulnerability in the OpenSLP service of ESXi (CVE-2021-21974).
“A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution,” VMware noted in the advisory.
This vulnerability carries a CVSSv3 base score of 8.8 (Important) and affects ESXi versions 6.5, 6.7 and 7.0.
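The advisory's precondition for CVE-2021-21974 is simply that an attacker can reach the OpenSLP daemon on UDP/427, so the check a practitioner wants is whether a given ESXi host still answers SLP from the network they care about (VMware's documented workaround, for hosts that cannot be patched immediately, is to stop slpd and disable its firewall ruleset). The script below is an added example written for this article, not VMware's or OpenSLP's code: it encodes an SLPv2 Service Request as defined in RFC 2608, the same probe nmap-style SLP scanners send, and decodes the Service Reply or SA Advertisement that slpd returns. The sample reply bytes are constructed, and the lab host name on the command line is an assumption.

```python
"""Probe a host for a reachable SLPv2 listener on UDP/427 (ESXi's OpenSLP daemon).

Added example for this article, not VMware's or OpenSLP's code. A host that
answers has its SLP service reachable from the probing segment, which is the
precondition VMware gives for CVE-2021-21974. Wire format follows RFC 2608.
"""
import socket
import struct
from typing import Optional

SLP_PORT = 427
SLP_VERSION = 2
FN_SRVRQST, FN_SRVRPLY, FN_SAADVERT = 1, 2, 11
PROBE_XID = 0x1234


def _slp_str(s: str) -> bytes:
    """SLPv2 string: 2-byte big-endian length followed by UTF-8 bytes."""
    b = s.encode("utf-8")
    return struct.pack("!H", len(b)) + b


def build_srvrqst(service_type: str = "service:service-agent", scope: str = "DEFAULT",
                  xid: int = PROBE_XID, lang: str = "en") -> bytes:
    """Unicast SrvRqst with empty previous-responder list, predicate and SPI."""
    body = (_slp_str("") + _slp_str(service_type) + _slp_str(scope)
            + _slp_str("") + _slp_str(""))
    total = 14 + len(lang.encode("utf-8")) + len(body)   # fixed header + language tag
    header = (struct.pack("!BB", SLP_VERSION, FN_SRVRQST)
              + total.to_bytes(3, "big")                  # 24-bit message length
              + struct.pack("!H", 0)                      # flags: plain unicast
              + (0).to_bytes(3, "big")                    # next extension offset
              + struct.pack("!H", xid)
              + _slp_str(lang))
    return header + body


class _Reader:
    """Cursor over a datagram that refuses to read past its end: every length
    field on the wire is attacker-controlled and must not drive a copy blindly."""
    def __init__(self, data: bytes):
        self.data, self.off = data, 0

    def take(self, n: int) -> bytes:
        if n < 0 or self.off + n > len(self.data):
            raise ValueError(f"truncated SLP message at offset {self.off}")
        chunk = self.data[self.off:self.off + n]
        self.off += n
        return chunk

    def u8(self) -> int: return self.take(1)[0]
    def u16(self) -> int: return struct.unpack("!H", self.take(2))[0]
    def string(self) -> str: return self.take(self.u16()).decode("utf-8", "replace")


def _skip_auth_blocks(r: _Reader) -> None:
    for _ in range(r.u8()):            # number of authentication blocks
        r.take(2)                      # block structure descriptor
        r.take(r.u16() - 4)            # block length counts the 4 bytes already read


def parse_reply(data: bytes) -> dict:
    """Decode a SrvRply or SAAdvert into xid, function name and advertised URLs."""
    r = _Reader(data)
    version, func = r.u8(), r.u8()
    if version != SLP_VERSION:
        raise ValueError(f"not SLPv2 (version {version})")
    length = int.from_bytes(r.take(3), "big")
    if length != len(data):
        raise ValueError(f"length field {length} != datagram size {len(data)}")
    r.take(2); r.take(3)               # flags, next extension offset
    xid = r.u16()
    r.string()                         # language tag
    if func == FN_SRVRPLY:
        error, count = r.u16(), r.u16()
        urls = []
        for _ in range(count):         # URL entry: reserved, lifetime, URL, auth blocks
            r.u8()
            lifetime = r.u16()
            urls.append((r.string(), lifetime))
            _skip_auth_blocks(r)
        return {"xid": xid, "function": "SrvRply", "error": error, "urls": urls}
    if func == FN_SAADVERT:            # answer to a service:service-agent request
        url, scopes, attrs = r.string(), r.string(), r.string()
        _skip_auth_blocks(r)
        return {"xid": xid, "function": "SAAdvert", "error": 0,
                "urls": [(url, None)], "scopes": scopes, "attrs": attrs}
    raise ValueError(f"unexpected SLP function-id {func}")


def probe_slp(host: str, timeout: float = 2.0) -> Optional[dict]:
    """None means no answer (filtered or slpd stopped); a dict means SLP is reachable."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_srvrqst(), (host, SLP_PORT))
        try:
            data, _ = s.recvfrom(65535)
        except socket.timeout:
            return None
    reply = parse_reply(data)
    if reply["xid"] != PROBE_XID:
        raise ValueError("XID mismatch: reply does not belong to our request")
    return reply


# Constructed SrvRply (not a real capture): one URL entry, lifetime 65535, no auth blocks.
SAMPLE_SRVRPLY = bytes.fromhex(
    "02 02 00 00 34  00 00  00 00 00  12 34  00 02 65 6e"   # header, xid 0x1234, lang "en"
    "00 00  00 01"                                          # error 0, one URL entry
    "00  ff ff  00 1a"                                      # reserved, lifetime, URL length 26
) + b"service:wbem:https://esxi1" + b"\x00"                 # URL, zero auth blocks

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:              # e.g. python slp_probe.py esxi-lab-01 (assumed host name)
        print(probe_slp(sys.argv[1]))
    else:
        print(parse_reply(SAMPLE_SRVRPLY))
```

The probe asks for service:service-agent, which any SLPv2 service agent must answer with an SAAdvert, so it works regardless of what the host advertises; querying a concrete type such as service:wbem instead returns a SrvRply listing URLs. Run it from each network segment that should not be able to reach ESXi management services: a timeout from the untrusted side and an answer only from the management VLAN is the state the advisory's precondition assumes.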
vSphere Client SSRF CVE-2021-21973
The third patch fixes a server-side request forgery (SSRF) vulnerability in the vSphere Client (CVE-2021-21973).
“A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure,” VMware added.
This Moderate-severity vulnerability carries a CVSSv3 base score of 5.3 and affects vCenter Server versions 6.5, 6.7 and 7.0.