{"id":20039,"date":"2021-05-27T12:08:13","date_gmt":"2021-05-27T10:08:13","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=20039"},"modified":"2021-05-30T21:51:57","modified_gmt":"2021-05-30T19:51:57","slug":"schwachstelle-cve-2021-21985-in-vsphere-client-patchen","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/05\/27\/schwachstelle-cve-2021-21985-in-vsphere-client-patchen\/","title":{"rendered":"Vulnerability CVE-2021-21985 in vSphere Client, patch it!"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/05\/27\/schwachstelle-cve-2021-21985-in-vsphere-client-patchen\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]VMware has issued an urgent security warning to users of vSphere. The vSphere Client (HTML5) contains a critical vulnerability CVE-2021-21985 that could allow remote code execution due to a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. A second vulnerability affected VMware Cloud Foundation. Security updates for the affected components are available.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg06.met.vgwort.de\/na\/49b8fc9daa0b4e9b8f6b94067daec6a3\" width=\"1\" height=\"1\">In Advisory <a href=\"https:\/\/web.archive.org\/web\/20210526223318\/https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0010.html\" target=\"_blank\" rel=\"noopener\">VMSA-2021-0010<\/a>, dated May 25, 2021, VMware points out two vulnerabilities CVE-2021-21985 and CVE-2021-21986 in:&nbsp; <\/p>\n<ul>\n<li>VMware vCenter Server (vCenter Server)\n<li>VMware Cloud Foundation (Cloud Foundation)<\/li>\n<\/ul>\n<p>which are considered critical. The following <a href=\"https:\/\/twitter.com\/bad_packets\/status\/1397388928403984394\" target=\"_blank\" rel=\"noopener\">tweet<\/a> addresses vulnerability CVE-2021-21985. According to VMware, multiple vulnerabilities in the vSphere Client (HTML5) have been privately reported to the vendor. An article on the topic can also be found at<a href=\"https:\/\/heimdalsecurity.com\/blog\/critical-flaw-impacting-all-vcenter-server-deployments-vmware-alerts\/\" target=\"_blank\" rel=\"noopener\">heimdahl<\/a>.<\/p>\n<p><a href=\"https:\/\/twitter.com\/bad_packets\/status\/1397388928403984394\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\" vSphere Client vulnerability CVE-2021-21985\" alt=\" vSphere Client vulnerability CVE-2021-21985\" src=\"https:\/\/i.imgur.com\/r2EG2sX.png\"><\/a><\/p>\n<h2>CVE-2021-2198 in vSphere Client<\/h2>\n<p>The vSphere Client (HTML5) contains a remote code execution vulnerability due to a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. A malicious actor with network access to port 443 can exploit this issue to execute commands with unrestricted privileges on the underlying operating system hosting vCenter Server. <\/p>\n<p>VMware has rated the severity of this issue as critical, with a maximum CVSSv3 baseline of 9.8. vCenter Server 6.5, 6.7, 7.0 are affected. In <a href=\"https:\/\/kb.vmware.com\/s\/article\/83829\" target=\"_blank\" rel=\"noopener\">this document<\/a>, VMware describes how to disable plugins to prevent exploitation of this vulnerability. Deployed VMware vCenter Server updates address the remote code execution vulnerability in the vSphere Client (CVE-2021-21985). Details can be found in the <a href=\"https:\/\/web.archive.org\/web\/20210526223318\/https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0010.html\" target=\"_blank\" rel=\"noopener\">Security Advisory<\/a>.&nbsp; <\/p>\n<h2>Vulnerability CVE-2021-21986 in vCenter Server Plug-ins<\/h2>\n<p>The vSphere Client (HTML5) also contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server can perform actions allowed by the affected plug-ins without authentication. VMware has rated the severity of this issue as moderate with a maximum CVSSv3 baseline of 6.5. Again, updates are available to close this vulnerability. Details can be found in the <a href=\"https:\/\/web.archive.org\/web\/20210526223318\/https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0010.html\" target=\"_blank\" rel=\"noopener\">Security Advisory<\/a>. <\/p>\n<p><a href=\"https:\/\/twitter.com\/GossiTheDog\/status\/1397315303978250242\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"VMware vCenter Server in Shodan\" alt=\"VMware vCenter Server in Shodan\" src=\"https:\/\/i.imgur.com\/V8pJU9p.png\"><\/a><\/p>\n<p>Security researcher Kevin Beaumont points out in the above <a href=\"https:\/\/twitter.com\/GossiTheDog\/status\/1397315303978250242\" target=\"_blank\" rel=\"noopener\">tweet<\/a> that you can very quickly check via the search engine Shodan with the term \"VMware vCenter Server\" whether <a href=\"https:\/\/www.shodan.io\/search?query=9443%2Fvsphere-client%2F\" target=\"_blank\" rel=\"noopener\">servers are accessible<\/a> via the Internet. In Germany, only 2 instances are currently reported to me. Beaumont points out in <a href=\"https:\/\/twitter.com\/GossiTheDog\/status\/1397318119266398214\" target=\"_blank\" rel=\"noopener\">this tweet<\/a> that Managed Solution Providers (MSP) often configure the VMs as reachable via the Internet.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]VMware has issued an urgent security warning to users of vSphere. The vSphere Client (HTML5) contains a critical vulnerability CVE-2021-21985 that could allow remote code execution due to a lack of input validation in the Virtual SAN Health Check plug-in, &hellip; <a href=\"https:\/\/borncity.com\/win\/2021\/05\/27\/schwachstelle-cve-2021-21985-in-vsphere-client-patchen\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,1218],"tags":[69,651,1710],"class_list":["post-20039","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-virtualization","tag-security","tag-virtualization","tag-vmware"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/20039","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=20039"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/20039\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=20039"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=20039"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=20039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}