Advisory February 25, 2021

VMware Vulnerabilities Advisory

Obrela SOC

On February 23, VMware issued a security advisory (VMSA-2021-0002) regarding 3 vulnerabilities affecting VMware ESXi, VMware vCenter Server, and VMware Cloud Foundation. According to open source intelligence, it is estimated that more than 6,700 systems are vulnerable.

VMware vCenter Server RCE in vSphere Client (CVE-2021-21972)

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Severity: 9.8 (Critical)

Affected versions: 7.0, 6.7, 6.5

Suggested resolution steps: https://kb.vmware.com/s/article/82374

ESXi heap overflow (CVE-2021-21974)

A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in the OpenSLP service, resulting in remote code execution.

Severity: 8.8 (Important)

Affected versions: 7.0, 6.7, 6.5

Suggested resolution steps: https://kb.vmware.com/s/article/76372

VMware vCenter Server SSRF in vSphere Client (CVE-2021-21973)

A malicious actor with network access to port 443 may exploit this issue by sending a POST request to a vCenter Server plugin, leading to information disclosure.

Severity: 5.3 (Moderate)

Affected versions: 7.0, 6.7, 6.5

Suggested resolution steps: https://kb.vmware.com/s/article/82374

Mitigation

Updates are available to remediate these vulnerabilities in affected VMware products; the provided steps are workarounds that ensure only temporary mitigation. It is advised to perform the provided workarounds for each vulnerability separately and as soon as possible, as proof-of-concept exploitation scripts are now publicly available for both Windows and Linux targets.
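
All three issues depend on network access to port 443 on vCenter Server or port 427 on ESXi. The following Python script is an added example, not part of the original advisory. It reviews firewall flow records for allowed connections to those ports from sources outside the management network. The log format, asset addresses and management range are constructed assumptions to be replaced with your own.

```python
import ipaddress

# Assumed inventory: destination IP -> (role, port named in the advisory). Constructed.
ASSETS = {
    "10.0.10.5": ("vcenter", 443),   # CVE-2021-21972 / CVE-2021-21973
    "10.0.20.11": ("esxi", 427),     # CVE-2021-21974 (OpenSLP)
    "10.0.20.12": ("esxi", 427),
}
# Assumed management range; sources inside it are expected to reach these ports.
MGMT_NETS = [ipaddress.ip_network("10.0.99.0/24")]

# Constructed sample flow records: "timestamp src dst dport proto action"
SAMPLE_FLOWS = """\
2021-02-25T08:01:12Z 10.0.99.14 10.0.10.5 443 tcp ALLOW
2021-02-25T08:02:40Z 192.168.50.23 10.0.10.5 443 tcp ALLOW
2021-02-25T08:03:05Z 10.0.20.77 10.0.20.11 427 tcp ALLOW
2021-02-25T08:03:09Z 10.0.20.77 10.0.20.12 427 udp ALLOW
2021-02-25T08:04:51Z 203.0.113.9 10.0.20.11 427 tcp DENY
2021-02-25T08:05:00Z 10.0.99.14 10.0.20.11 902 tcp ALLOW
malformed line
"""

def parse_flow(line):
    """Return (ts, src_ip, dst, dport, proto, action) or None if unparsable."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, dport, proto, action = parts
    try:
        return ts, ipaddress.ip_address(src), dst, int(dport), proto, action.upper()
    except ValueError:
        return None

def find_exposures(log_text):
    """List allowed flows to an advisory port from a non-management source."""
    findings = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip malformed records instead of aborting the review
        ts, src, dst, dport, _proto, action = flow
        asset = ASSETS.get(dst)
        if asset is None or asset[1] != dport or action != "ALLOW":
            continue
        if not any(src in net for net in MGMT_NETS):
            findings.append((ts, str(src), dst, dport, asset[0]))
    return findings

if __name__ == "__main__":
    for ts, src, dst, dport, role in find_exposures(SAMPLE_FLOWS):
        print(f"{ts} {src} reached {role} {dst}:{dport} from outside management")
```

Hosts that appear in the output are candidates for applying the workarounds first.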