Critical Bug In All VMware ESXi and vSphere Client

Security updates are available to remediate multiple vulnerabilities affecting VMware products.

vCenter Security Vulenerabilties:

Multiple vulnerabilities in VMware ESXi and vSphere Client with the following CVE’s were fixed by VMWare:

The Advisory ID : VMSA-2021-0002 contains following CVE’s

— CVE-2021-21972:

A remote code execution vulnerability in a vCenter Server plugin that allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the affected systems.

In addition, this vulnerability has a CVSSv3 base score 9.8.

— CVE-2021-21973:

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

In addition, the vulnerability exists due to insufficient validation of user-supplied input in vSphere Client.

However, a remote non-authenticated attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

— CVE-2021-21974:

A heap-overflow vulnerability in OpenSLP used within ESXi that allows an attacker residing within the same network segment who has access to port 427 to perform remote code execution.

In addition, this vulnerability has a CVSSv3 base score 8.8.

Vulnerable Platforms:

Importantly, below are the vulnerable VMWare product versions:

vCenter Server — 7.0, 6.7, 6.5
Cloud Foundation (vCenter Server) — 3.x, 4.x
ESXi — 6.5, 6.7, 7.0
Cloud Foundation (ESXi) — 3.x, 4.x

Non-Vulnerable Platforms:

However, below are the non-vulnerable VMWare version products:

vCenter Server 6.5 U3n, 6.7 U3l, 7.0 U1c
Cloud Foundation (vCenter Server) 3.10.1.2, 4.2
VMware ESXi70U1c-17325551, ESXi670-202102401-SG, ESXi650-202102101-SG
Cloud Foundation (ESXi) 4.2

On the other hand, Successful exploitation of these vulnerabilities can result in arbitrary code execution, information disclosure, and denial of service conditions.