VMware Urges Rapid Patching for Serious vCenter Server Bug
Compliance
Compliance Twitter Get Permission
VMware is warning all vCenter Server administrators to patch their software to fix both a serious vulnerability that could be used to execute arbitrary code, as well as a separate authentication flaw.
Administrators use vCenter Server to manage installations of vSphere, which is VMware s virtualization platform.
The vulnerabilities need your immediate attention if you are using vCenter Server, VMware s Bob Plankers says in a blog post. All environments are different, have different tolerance for risk, and have different security controls and defense-in-depth to mitigate risk, so the decision on how to proceed is up to you, he writes. However, given the severity, we strongly recommend that you act.
Critical RCE Vulnerability Discovered in VMware vCenter Server May 26, 2021 11:32 GMT
· Comment
VMware
VMware has released fixes to address a significant vulnerability in vCenter System that can be exploited by an attacker to execute arbitrary code on the server.
The vulnerability, identified as CVE-2021-21985 (CVSS score 9.8), originates from a lack of input validation in the Virtual SAN (vSAN) plug-in Health Check. This plug-in is enabled by default in vCenter Server.
VMware said in its advisory that A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server .
VMware Urges Rapid Patching for Serious vCenter Server Bug govinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from govinfosecurity.com Daily Mail and Mail on Sunday newspapers.
VMware issues emergency change for vCenter Server exploits reseller.co.nz - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from reseller.co.nz Daily Mail and Mail on Sunday newspapers.