Mitigation Instructions for CVE-2021-21985

Written by CyRisk Vulnerability Management Team | Feb 23, 2024 9:42:21 PM

SUBJECT: Critical VMware vCenter Server RCE Vulnerability: Patch Immediately (CVE-2021-21985)

TECH STACK: VMware vCenter Server 6.5, 6.7, and 7.0 (specific versions listed in references)

DATE(S) ISSUED: 05/26/2021

NVD Last Modified: 09/14/2021

CRITICALITY: Critical (CVSS v3 Score: 9.8)

OVERVIEW: 

This vulnerability (CVE-2021-21985) affects VMware vCenter Server versions 6.5, 6.7, and 7.0 due to a lack of input validation in the Virtual SAN Health Check plug-in. A remote attacker with network access to port 443 can exploit this vulnerability to execute arbitrary code with unrestricted privileges on the underlying operating system hosting vCenter Server. This gives attackers complete control over the affected system, potentially leading to data theft, malware installation, and disruption of services.

SOLUTION/MITIGATION: 

The primary mitigation for this vulnerability is to update vCenter Server to the latest patched version immediately. VMware has released patches for all affected versions:

  • vCenter Server 6.5 Update 3n
  • vCenter Server 6.7 Update 3m
  • vCenter Server 7.0 Update 2a
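As an added example (not part of this advisory or of any VMware tooling), the following Python helper turns the fixed-version list above into a triage check that can be run over an inventory of vCenter version strings. It assumes the release naming used here ("7.0 Update 2a", also accepted in the short form "7.0U2a"), that a later Update number or letter within the same release line includes the fix, and that lines other than 6.5, 6.7 and 7.0 are outside the advisory's scope; the authoritative build numbers live in the VMware advisory referenced below, so treat this as a first-pass filter rather than a replacement for checking builds.

```python
import re
from typing import Dict, Tuple

# Minimum fixed release per line, taken from the advisory above:
# 6.5 Update 3n, 6.7 Update 3m, 7.0 Update 2a (assumption: later
# updates in the same line also carry the fix).
FIXED_VERSIONS: Dict[str, Tuple[int, str]] = {
    "6.5": (3, "n"),
    "6.7": (3, "m"),
    "7.0": (2, "a"),
}

# Accepts "7.0", "7.0 Update 2a", "7.0U2a", "6.7 update 3" (case-insensitive).
_VERSION_RE = re.compile(
    r"^(?P<line>\d+\.\d+)(?:\s*(?:update|u)\s*(?P<upd>\d+)(?P<letter>[a-z])?)?$",
    re.IGNORECASE,
)


def parse_version(text: str) -> Tuple[str, int, str]:
    """Split a vCenter version string into (release line, update number, update letter).

    A bare line such as "7.0" is the GA release: update 0, no letter.
    An update without a letter ("Update 3") sorts below "Update 3a", which is
    what makes tuple comparison against FIXED_VERSIONS work.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    line = match.group("line")
    update = int(match.group("upd") or 0)
    letter = (match.group("letter") or "").lower()
    return line, update, letter


def assess_version(text: str) -> str:
    """Classify one version string as 'patched', 'vulnerable' or 'not-in-scope'."""
    line, update, letter = parse_version(text)
    fixed = FIXED_VERSIONS.get(line)
    if fixed is None:
        # 6.0, 8.0 etc. are not listed in this advisory; do not guess.
        return "not-in-scope"
    return "patched" if (update, letter) >= fixed else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host name in an inventory to its patch status."""
    return {host: assess_version(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    sample = {
        "vcsa-prod-01": "7.0 Update 2a",
        "vcsa-prod-02": "7.0 Update 1d",
        "vcsa-lab-01": "6.7U3m",
        "vcsa-lab-02": "6.5 Update 3",
        "vcsa-old-01": "6.0 Update 3",
    }
    for host, status in sorted(triage(sample).items()):
        print(f"{host:14} {sample[host]:16} {status}")
```

Hosts reported as "vulnerable" should be scheduled for the corresponding update in the list above; "not-in-scope" only means the release line is not named in this advisory, not that it is safe.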

Additional mitigation steps:

  • Restrict access to the vCenter Server administration console to trusted users only.
  • Implement strong passwords and enable two-factor authentication for administrator accounts.
  • Regularly scan your vCenter Server installation for vulnerabilities and apply security patches promptly.
  • Consider alternative virtualization platforms if updating vCenter Server is not feasible.

Confirmation & Additional Information:

  • This vulnerability is included in CISA's Known Exploited Vulnerabilities Catalog, requiring immediate patching.
  • The vulnerability is a code injection flaw in the Virtual SAN Health Check plug-in.
  • For detailed technical information and exploit examples, refer to the third-party advisories listed below.
  • Patching is crucial to mitigate this critical vulnerability. Take immediate action to update your vCenter Server installation to a patched version.

REFERENCES:

Third Party Advisories:

  1. CISA Known Exploited Vulnerabilities Catalog
  2. VMware Security Advisory
  3. Packet Storm