Critical vCenter vulnerability – CVE-2021-21985

Description: "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8."

What does that mean? Upgrade your VMware vCenter Server (6.5, 6.7, 7.0) as soon as possible, especially if your vCenter is publicly accessible. And just because the vCenter is only reachable from within your network does not mean that you are safe either: nowadays you never know when an intruder is already inside the network, waiting for the right opportunity. It is better to be safe now than sorry later.

If upgrading your vCenter is not an option, at least apply the workaround and disable the affected plug-ins until you can get that change approved internally.

Workaround instructions here

Official advisory here

