February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
A Look into Spear Phishing Attacks and Their Relative Protective Measures
May 26, 2021Rewterz Threat Advisory – CVE-2021-32926 – ICS: Rockwell Automation Micro800 and MicroLogix 1400
May 26, 2021A Look into Spear Phishing Attacks and Their Relative Protective Measures
May 26, 2021Rewterz Threat Advisory – CVE-2021-32926 – ICS: Rockwell Automation Micro800 and MicroLogix 1400
May 26, 2021
Severity
Medium
Analysis Summary
CVE-2021-21985
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVE-2021-21986
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.
Impact
- Remote code execution
Affected Vendors
VMware
Affected Products
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
Remediation
Refer to VMware advisory for the complete list of affected products and their respective patches.
https://www.vmware.com/security/advisories/VMSA-2021-0010.html