Security for everyone

CVE-2021-21985 Scanner

Detects 'Remote Code Execution (RCE)' vulnerability in VMware vCenter Server and VMware Cloud Foundation affects v. VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1).

SCAN NOW

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Source

-

VMware vCenter Server is a powerful tool used for managing virtualization infrastructure. It allows administrators to manage virtual machines, storage, and networking across multiple hosts and data centers. VMware Cloud Foundation, on the other hand, is a comprehensive software-defined data center platform that bundles vSphere, vSAN, and NSX into a single solution. It simplifies the deployment and management of the entire stack by providing a unified user interface and automated lifecycle management. 

A critical vulnerability has been discovered in VMware vCenter Server, identified as CVE-2021-21985, which puts organizations at risk of remote code execution attacks. The vulnerability exists due to the lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. Attackers with network access to port 443 can exploit this vulnerability to execute arbitrary commands with elevated privileges on the underlying operating system that hosts vCenter Server.

This vulnerability can lead to complete compromise of vCenter Server and the virtualization infrastructure it manages. Attackers can execute malicious code, steal sensitive data, or disrupt business operations by causing system outages. The consequences can be severe, ranging from reputational damage to financial losses and regulatory fines.

Thanks to the pro features of the securityforeveryone.com platform, organizations can easily and quickly learn about vulnerabilities in their digital assets. The platform provides comprehensive vulnerability scanning and management capabilities, including automated discovery, assessment, and remediation of vulnerabilities. It also offers real-time alerts, reports, and dashboards to help organizations stay on top of their security posture and compliance requirements. With securityforeveryone.com, organizations can proactively identify and mitigate vulnerabilities before they are exploited by attackers.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture