in

A critical vulnerability was found in vCenter produced by VMware.

The CVE-2021-21985 allows intruders to remotely execute code on vCenter servers

VMware, a major software supplier to the enterprise sector, has announced on its official Blog that a severe bug in one of its leading products has been found and fixed.

A vulnerability, known as CVE-2021-21985, allows someone to remotely execute code on vCenter machines using default configurations if they are connected to the Internet.

The reason for the error was that the virtual SAN Health Check plug-in, which is enabled by default, did not have input validation.

Disable VMware plugins:

VMware experts note that failure to fix the vulnerability could have catastrophic consequences, as the vulnerability could allow hackers to gain access to terabytes of data stored in data centers.

When the announcement was made, more than 5,000 affected servers were at risk, including those from Amazon and Google.

This advisory is only for vCenter Server 6.5, 6.7, and 7.0. , which is the management interface for vSphere, and restarting it does not impact workload availability.

Update Instructions:

https://blogs.vmware.com/vsphere/2021/05/vmsa-2021-0010.html

What do you think?

15 Points
Upvote Downvote

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

apple ipad with facebook website

Facebook will hide posts from people who regularly share fake news.

growth concept image

The PC market is booming, IDC forecast an 18.1% growth for this year.