Vulnerability DatabaseCVE-2021-21986

CVE-2021-21986:
vSphere vCenter Server vulnerability analysis and mitigation

Overview

CVE-2021-21986 is a vulnerability discovered in VMware vCenter Server's vSphere Client (HTML5) that affects the authentication mechanism for multiple plugins including Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability. The vulnerability was disclosed on May 25, 2021, affecting vCenter Server versions 6.5, 6.7, and 7.0, as well as Cloud Foundation versions 3.x and 4.x (VMware Advisory).

Technical details

The vulnerability stems from an authentication mechanism flaw in the vSphere Client (HTML5) that affects multiple server plug-ins. It has been assigned a CVSS v3.1 base score of 6.5 (Moderate severity), indicating a significant but not critical security risk. The vulnerability specifically impacts the authentication mechanisms of several plugins including Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability (VMware Advisory).

Impact

When exploited, this vulnerability allows a malicious actor with network access to port 443 on vCenter Server to perform actions allowed by the impacted plug-ins without proper authentication. This means an attacker could potentially execute unauthorized operations through the affected plugins without needing valid credentials (VMware Advisory, Hacker News).

Mitigation and workarounds

VMware released patches to address this vulnerability in the following versions: vCenter Server 7.0 U2b, 6.7 U3n, and 6.5 U3p. For Cloud Foundation, patches were released in versions 4.2.1 and 3.10.2.1. If immediate patching is not possible, VMware provided workarounds that involve disabling the affected plug-ins, though this results in a loss of management and monitoring capabilities (VMware Advisory).

Community reactions

Security researchers highlighted the severity of the vulnerability, particularly due to the large number of exposed vCenter Servers. A study by Trustwave revealed that as of May 31, 2021, approximately 4,019 (80.88%) of publicly accessible vCenter Servers remained vulnerable to this and related vulnerabilities (Trustwave).

Additional resources

Source: This report was generated using AI

Related vSphere vCenter Server vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2024-38813	CRITICAL	9.8	vSphere vCenter Server	vcenter-server-linux	Yes	Yes	Sep 17, 2024
CVE-2024-38812	CRITICAL	9.8	vSphere vCenter Server	vcenter-server-linux	Yes	Yes	Sep 17, 2024
CVE-2024-37080	CRITICAL	9.8	vSphere vCenter Server	vcenter-server-windows	No	Yes	Jun 18, 2024
CVE-2024-37081	HIGH	7.8	vSphere vCenter Server	vcenter-server-linux	No	Yes	Jun 18, 2024
CVE-2024-37087	MEDIUM	5.3	vSphere vCenter Server	vcenter-server-linux	No	Yes	Jun 25, 2024

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2021-21986: vSphere vCenter Server vulnerability analysis and mitigation