Vulnerability

Multiple vulnerabilities in VMware ESXi and vSphere Client

This blog contains information regarding multiple critical vulnerabilities in VMware ESXi and vSphere Client (HTML5). As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Clip path group@2x

T-Update

Information about vulnerabilities

This blog contains information regarding multiple critical vulnerabilities in VMware ESXi and vSphere Client (HTML5). As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Update September 23, 2021

17:00 | VMware has published information regarding multiple critical vulnerabilities in VMware ESXi and vSphere Client (HTML5). Updates have been made available to resolve these vulnerabilities. VMware has published a detailed overview of the vulnerabilities on their website.

An attacker with access to the network may be able to run arbitrary system code via port 443 (CVE-2021-21972).
An attacker with network access to port 443 is able to retrieve server plugin information with the use of modified POST requests naar the vCenter server (CVE-2021-21973).
An attacker with access to the same network secment as ESXi and port 427 may be able to initiate a heap overflow in the OpenSLP service, possibly resulting in the ability to execute arbitrary system code (CVE-2021-21974).

VMware has published updates to resolve these vulnerabilities. Install these updates as soon as possible. If an update is not possible in the short term, VMware has published a temporary workaround for these issues.

Customized cyber security

Background

The vulnerabilities are present in the following VMware products: VMware ESXi VMware vCenter Server (vCenter Server) VMware Cloud Foundation (Cloud Foundation)

Risk

VMware has published a detailed overview of the vulnerabilities on their website.

The following CVE references belong to this vulnerability:

Advice

Sources

More information about this vulnerability:

VMware has published updates to resolve these vulnerabilities. Install these updates as soon as possible. If an update is not possible in the short term, VMware has published a temporary workaround for these issues.

Sources:

https://www.vmware.com/security/advisories/VMSA-2021-0002.html

https://kb.vmware.com/s/article/82374

Ellipse 6

Sign up to receive T-Updates

Receive the latest vulnerabilities in your email every Wednesday

More than 1,000 organisations have already joined us.

Tesorion gebruikt jouw gegevens voor het versturen van de gevraagde informatie. Daarnaast worden je gegevens mogelijk gebruikt voor commerciële opvolging. Je kunt je op elk gewenst moment hiervoor afmelden via de link in de e-mail. Lees voor meer informatie ons privacybeleid.

Ellipse 6