Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-21985
CVE-2021-21985:
vSphere vCenter Server vulnerability analysis and mitigation
Overview
CVE-2021-21985 is a critical remote code execution vulnerability discovered in VMware vCenter Server's vSphere Client (HTML5), specifically in the Virtual SAN Health Check plug-in which is enabled by default. The vulnerability was disclosed on May 25, 2021, affecting VMware vCenter Server versions 6.5, 6.7, and 7.0, as well as VMware Cloud Foundation versions 3.x and 4.x (VMware Advisory, NVD).
Technical details
The vulnerability stems from a lack of input validation in the Virtual SAN Health Check plug-in. It has been assigned a critical CVSSv3 base score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating its severe nature. The affected Virtual SAN Health Check plug-in is enabled by default in all vCenter Server deployments, regardless of whether vSAN is being used (VMware Advisory, Tenable Blog).
Impact
A successful exploitation of this vulnerability allows attackers to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. The vulnerability can be exploited by any malicious actor with network access to port 443, even if the vCenter Server is not exposed externally. This makes it particularly dangerous for internal network security (VMware Advisory, CISA Alert).
Mitigation and workarounds
VMware released patches for affected versions: vCenter Server 7.0 U2b for version 7.0, 6.7 U3n for version 6.7, and 6.5 U3p for version 6.5. For Cloud Foundation, patches were released as version 4.2.1 for 4.x and version 3.10.2.1 for 3.x. If immediate patching is not possible, VMware provided workarounds through KB83829, which includes guidance on disabling the vSAN plugin (VMware Advisory).
Community reactions
The vulnerability garnered significant attention from the cybersecurity community due to its critical nature. CISA issued an alert on June 4, 2021, warning about the likelihood of active exploitation attempts. The security community emphasized the urgency of applying patches, particularly given the history of similar VMware vulnerabilities being rapidly exploited in the wild (CISA Alert).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management