VMware, a major software supplier to the enterprise sector, has announced on its official blog that a severe bug in one of its leading products has been found and fixed.
The vulnerability, tracked as CVE-2021-21985, allows an attacker to remotely execute code on vCenter Server machines running the default configuration if they are reachable from the Internet.
The root cause is that the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default, lacked input validation.
Workaround: disable the affected VMware plug-ins.
VMware experts note that failing to fix the vulnerability could have catastrophic consequences, since it could allow attackers to gain access to terabytes of data stored in data centers.
When the announcement was made, more than 5,000 affected servers were at risk, including those from Amazon and Google.
This advisory applies only to vCenter Server 6.5, 6.7, and 7.0. vCenter Server is the management interface for vSphere, and restarting it does not affect workload availability.
Update Instructions:
https://blogs.vmware.com/vsphere/2021/05/vmsa-2021-0010.html