vCenter Patches Released, Fixes Security Issue

May 25, 2021 0 By Allan Kjaer

VMware has released vCenter 6.5 Update 3p, 6.7 Update 3n and 7.0 Update 2b, this contains a serious security bug.

It also con

Security Issues

  • VMware vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the VMware vSAN health check plug-in. A malicious actor with network access to port 443 might exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21985 to this issue. For more information, see VMware Security Advisory VMSA-2021-0010.
  • VMware vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the vSAN health check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability Client plug-ins. A malicious actor with network access to port 443 on vCenter Server might perform actions allowed by the impacted plug-ins without authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21986 to this issue. For more information, see VMware Security Advisory VMSA-2021-0010.

See the release notes here:

vCenter 6.5 Update 3p

vCenter 6.7 Update 3n

vCenter 7.0 Update 2b

Please share this page if you find it usefull: