Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Remote code execution vulnerability in the VMWare vSphere Client
Image
Published : 01/06/2021
Reference:
Advisory #2021-011
Version:
1.0
Affected software:
vCenter Server 6.5
vCenter Server 6.7
vCenter Server 7.0
Type:
Remote Code Execution (RCE)
CVE/CVSS:
CVE-2021-21985- CVSS: 9.8
Sources
https://www.vmware.com/security/advisories/VMSA-2021-0010.html
https://kb.vmware.com/s/article/83829
Risks
A threat actor with network access to port 443 may exploit this vulnerability to execute arbitrary code with unrestricted privileges on the host operating system running the Vmware vCenter server.
VMWare draws attention to the ability of ransomware operators to take advantage of this type of vulnerability very quickly after they are published.
Description
CVE-2021-21985 consists of a remote code execution vulnerability in the vSphere client (HTML5) due to an absence of input validation in the VSAN Health Check plugin, which is enabled by default.
Recommended Actions
CERT.be recommends to all System administrators to upgrade their VMware vCentre Server systems to the latest versions released by the vendor. VMware also provides a workaround for admins who can’t yet install the updates. They can remediate the solution by disabling VMware Plugins in vCenter Server.