A remote code execution vulnerability in VMware vCenter Server has caused concern in data centers all around the world. The vulnerability is tracked as CVE-2021-21985 and has a severity level of 9.8 out of 10. vCenter Server is used for virtualization management in large data centers. It is the second severe vCenter vulnerability to be discovered, after a warning about an equally serious bug was issued last February.
vCenter Server is used to administer the vSphere and ESXi hosting products, which are some of the most popular virtualization solutions on the market at the moment. ESXi is a bare-metal hypervisor that operates on the hardware directly.
Hackers can exploit the vulnerability to take control of the virtualization layer, gaining access to the operating system layer as well as its security controls.
The vulnerability affects VMware vCenter Server versions 6.5, 6.7, and 7.0. In many networks, vCenter machines with default configurations would allow malicious code to be executed, but only when they are accessible through an Internet-connected port.
The remote code execution vulnerability exists in the vSphere Client (HTML5) owing to a lack of input validation in the Virtual SAN Health Check plugin, which is enabled by default in vCenter Server.
A hostile entity with network access to port 443 might exploit the vulnerability to execute instructions with unrestricted privileges on the underlying operating system that hosts vCenter Server.
According to VMware, the patch for the vulnerability should be installed as quickly as possible, because the vulnerability could have significant implications for data center services delivered through vCenter Server.