Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

VMware patches another severe security bug

Image Description

VMware has patched a remote code exploitation vulnerability that once again plagued its popular vCenter Server.

The issue this time around existed in a plugin in the vSphere HTML5 client. Whether you used the impacted Virtual SAN Health plugin or not, the fact that it lacks input validation, enabled malicious users to exploit it to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

vCenter Server helps administer VMware’s vSphere and ESXi host products and is popularly used for managing the virtualization instances in data centers

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Given vCenter’s popularity and the scope of the vulnerability, it isn’t surprising that the vulnerability has been assigned a maximum severity score of 9.8.

Patch immediately

According to VMware’s security advisory, the vulnerability, tracked as CVE-2021-21985, impacts vCenter Server v6.5, v6.7, and v7.0. 

VMware’’s technical marketing architect, Bob Plankers wrote about the vulnerability and urged all users to apply the patches without delay.

“This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of whether you use vSAN or not,” wrote Plankers asking IT admins to treat the patch as an emergency change, while he shared some tips to apply the patch.

VMware’s apparent urgency isn’t without cause. This is the second vCenter vulnerability this year with a severity rating of 9.8. 

Ars Technica reports that malicious users were out scanning the Internet for vulnerable servers soon after the disclosure of the previous vulnerability and it took less than a day for them to write half a dozen proof-of-concept exploits. 

Via Ars Technica

Date

26 May 2021

Sources

Share

Other Blog

  • Amazon Prime Day 2021: Tips to help you avoid getting scammed

    Security experts provide tips to stop you falling victim to a scam on Amazon Prime Day.

    Read More

  • AMD promises RDNA 3 GPUs will be as big a leap forward as Big Navi

    AMD is already talking about ‘Bigger Navi’, and how we can expect to be impressed by these graphics cards.

    Read More

  • SSD Systems evaluation

    Our SSD Systems evaluation looks at their access control solutions, including the technology, system integration, and access control mobile app.

    Read More

  • Business phone system: 5 compelling reasons they're essential for any SMB

    Setting up a business phone system is no longer a difficult feat for small and medium-sized businesses.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us