Severity
Medium
Analysis Summary
CVE-2021-21985
The vSphere Client (HTML5) contains a remote code execution vulnerability due to a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVE-2021-21986
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.
Impact
- Remote code execution
Affected Vendors
VMware
Affected Products
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
Remediation
Refer to the VMware advisory for the complete list of affected products and their respective patches.
https://www.vmware.com/security/advisories/VMSA-2021-0010.html