VMware code execution flaw CVE-2021-21972

There is a newly disclosed code-execution vulnerability in VMware vCenter.  VMware was quick to release a patch (within a day) and it can be found here.

The severity of this vulnerability as well as the fact that there are exploits available for both Windows and Linux servers, kicked off a flurry of mass scanning for vulnerable vCenter Servers.

Code execution, no authorization required

CVE-2021-21972 allows hacker with no authorization to upload files to vulnerable vCenter servers that are publicly accessible over port 443, researchers from security firm Tenable said. Successful exploits will result in hackers gaining unfettered remote code-execution privileges in the underlying operating system. The vulnerability stems from a lack of authentication in the vRealize Operations plugin, which is installed by default.

The flaw has received a severity score of 9.8 out of 10.0 on the Common Vulnerability Scoring System Version 3.0. Mikhail Klyuchnikov, the Positive Technologies researcher who discovered the vulnerability and privately reported it to VMware, compared the risk posed by CVE-2021-21972 to that of CVE-2019-19781, a critical vulnerability in the Citrix Application Delivery Controller

Why your company needs to have a network and infrastructure assessment

Many times, we have been contacted by companies that want us to ‘replace our hyper-visor infrastructure’ or ‘update our server infrastructure’ because of perceived issues in performance or user experience.  Unfortunately, by bypassing the critical step of a full network and infrastructure assessment, companies miss out on identifying the root cause of security issues and network performance.

Do you know all your infrastructure assets and what bandwidth they are using?

What are the critical infrastructure is not longer under warranty or service support?

How much traffic is traversing your branch office internet connection?

Network and infrastructure assessments are not a one time and done process.  Having fresh insight on your network and potential bottlenecks and security issues brings a piece of mind to any IT Manager, CIO and CSO.

Having our team identify and rank your organization’s pain points gives you the tools to apply budget appropriately and meet the growing demand of your companies IT needs.

How Does Virtualization Benefit a Business?

The world of business has always been fast-paced; however, it’s picking up speed every year. Everyone from small mom-and-pop shops to worldwide corporations are evolving. With the constant changing of the times, it is imperative that businesses have a reliable, updated technology foundation. Read more