VMware warns its users about critical RCE vulnerabilities in the vSphere HTML5 Client and other products. Security updates are now available for the affected products.
Nicolas Caras points to this article from The Register, which discusses the critical RCE vulnerability in the vSphere HTML5 client. There are also articles on the topic here and here.
In security advisory VMSA-2021-000, VMware describes the vulnerabilities CVE-2021-21972, CVE-2021-21973 and CVE-2021-21974 in the following products:
- VMware ESXi
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
The vSphere Client (HTML5) contains a remote code execution vulnerability, CVE-2021-21972, in a vCenter Server plugin. VMware has rated the severity of this vulnerability as critical, with a maximum CVSSv3 base score of 9.8. A malicious actor with network access to port 443 can exploit this issue to execute commands with unrestricted privileges on the underlying operating system hosting vCenter Server. To address CVE-2021-21972, updates are available for the affected products.
OpenSLP, as used in ESXi, has a heap overflow vulnerability, CVE-2021-21974. VMware has rated the severity of this issue in the "Important" range, with a maximum CVSSv3 base score of 8.8. A malicious actor residing on the same network segment as ESXi and having access to port 427 could potentially trigger the heap overflow in the OpenSLP service, resulting in remote code execution. To resolve CVE-2021-21974, apply the listed updates to affected products.
The vSphere Client (HTML5) contains a Server Side Request Forgery (SSRF) vulnerability, CVE-2021-21973, due to improper validation of URLs in a vCenter Server plugin. VMware has rated the severity of this issue as moderate, with a maximum CVSSv3 base score of 5.3. A malicious actor with network access to port 443 can exploit this issue by sending a POST request to the vCenter Server plugin, resulting in information disclosure. To resolve CVE-2021-21973, apply the listed updates to affected products.
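The preconditions listed above (product, port, attacker position) can be checked against an asset inventory and firewall policy to decide which hosts to update first. The following is an added example, not part of the original post or of VMware's advisory; the host names, addresses, rule format and the `patched` flag are constructed assumptions.

```python
import ipaddress

# (CVE, product, TCP port, CVSSv3 base score, attacker must sit on the host's segment)
# Values are the ones quoted in the advisory summary above.
ADVISORY = [
    ("CVE-2021-21972", "vcenter", 443, 9.8, False),
    ("CVE-2021-21973", "vcenter", 443, 5.3, False),
    ("CVE-2021-21974", "esxi", 427, 8.8, True),
]

# Constructed sample data (hypothetical names, addresses and rules).
HOSTS = [
    {"name": "vcsa01", "product": "vcenter", "ip": "10.10.0.5", "patched": False},
    {"name": "esx01", "product": "esxi", "ip": "10.20.0.11", "patched": False},
    {"name": "esx02", "product": "esxi", "ip": "10.20.0.12", "patched": True},
]
SOURCE_NETS = ["10.30.0.0/24", "10.20.0.0/24", "192.0.2.0/24"]
RULES = [  # (action, source CIDR, destination CIDR, port or "any"), first match wins
    ("allow", "10.30.0.0/24", "10.10.0.0/24", 443),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", "any"),
]

def routed_allowed(rules, src_net, host_ip, port):
    """First-match lookup; a source network matches only if a rule covers it entirely."""
    src, dst = ipaddress.ip_network(src_net), ipaddress.ip_address(host_ip)
    for action, rule_src, rule_dst, rule_port in rules:
        if (src.subnet_of(ipaddress.ip_network(rule_src))
                and dst in ipaddress.ip_network(rule_dst)
                and rule_port in (port, "any")):
            return action == "allow"
    return False  # default deny when no rule matches

def exposure(hosts, source_nets, rules):
    """Return (score, CVE, host, source network) tuples, highest score first."""
    findings = []
    for host in hosts:
        if host["patched"]:
            continue
        for cve, product, port, score, same_segment in ADVISORY:
            if host["product"] != product:
                continue
            for net in source_nets:
                # Traffic inside one segment never crosses the routed firewall.
                local = ipaddress.ip_address(host["ip"]) in ipaddress.ip_network(net)
                routed = not same_segment and routed_allowed(rules, net, host["ip"], port)
                if local or routed:
                    findings.append((score, cve, host["name"], net))
    return sorted(findings, reverse=True)
```

Calling `exposure(HOSTS, SOURCE_NETS, RULES)` on the sample data lists the unpatched vCenter Server reachable on port 443 from the user LAN first, followed by the unpatched ESXi host that shares its segment with other devices. Host-level firewalls are not modelled.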