Security Week 23: Exploiting a Vulnerability in VMware vCenter
A vulnerability in VMware vCenter Server, the software used to manage cloud infrastructure, risks becoming a problem comparable in severity to the previously discovered zero-day in Microsoft Exchange. Although far fewer vCenter Server installations are reachable from the internet (thousands, versus tens of thousands of mail servers), each of them can manage a huge fleet of virtual systems. Vulnerability CVE-2021-21985 was patched at the end of May, and the news of this week is the appearance of a working Proof of Concept in the public domain and the beginning of the active exploitation phase.
Another similarity to the March problems in Microsoft Exchange is the severity of the vulnerability itself. It scored 9.8 out of 10 on the CVSSv3 scale and gives an attacker full access to the operating system running vCenter. Specifically, the vulnerability was found in the Virtual SAN Health Check plugin, which is enabled by default. For administrators of infrastructure based on VMware solutions, this is a reason to update to the latest version immediately, or at least to block the problematic code from running.
Sources:
- Security Advisory dated May 25.
- Knowledge Base article describing how to block the plugin (simply disabling the plug-in does not close the vulnerability).
- Public Proof of Concept.
- Release Notes for vCenter Server 6.7 Update 3n. Also a patch has been released for versions 7.0 and 6.5…
- Post on the VMware Blog and FAQ…
- Article on ArsTechnica.
- News on Habr.