

Severity
High
Analysis Summary
CVE-2021-21972
A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVE-2021-21974
A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in the OpenSLP service, resulting in remote code execution.
CVE-2021-21973
A malicious actor with network access to port 443 may exploit this issue by sending a POST request to a vCenter Server plugin, leading to information disclosure.
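Each issue above depends on network reachability (port 443 on vCenter Server, port 427 on ESXi), so allowed flows to those ports from outside the management network are worth reviewing while patches are rolled out. The following is an added example, not part of the Rewterz or VMware advisory; the inventory, management subnet, log format and flow records are constructed assumptions.

```python
import ipaddress

# Network preconditions as stated in the advisory: (host role, port) -> CVEs.
PRECONDITIONS = {
    ("vcenter", 443): ["CVE-2021-21972", "CVE-2021-21973"],
    ("esxi", 427): ["CVE-2021-21974"],
}

# Constructed inventory and management subnet (assumptions, not from the advisory).
INVENTORY = {"10.20.0.10": "vcenter", "10.20.1.21": "esxi", "10.20.1.22": "esxi"}
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed flow records in a hypothetical "src dst dport action" format.
SAMPLE_FLOWS = """\
10.20.0.5 10.20.0.10 443 ALLOW
192.168.50.7 10.20.0.10 443 ALLOW
10.20.1.99 10.20.1.21 427 ALLOW
10.20.0.5 10.20.1.22 427 ALLOW
172.16.3.4 10.20.1.22 427 DENY
192.168.50.7 10.20.1.21 22 ALLOW
"""

def is_mgmt(src):
    """True if the source address belongs to an approved management subnet."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in MGMT_NETS)

def exposed_flows(flow_text):
    """Return (src, dst, dport, cves) for allowed flows from non-management
    sources that satisfy a network precondition listed in the advisory."""
    findings = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        src, dst, dport, action = parts
        if action != "ALLOW" or not dport.isdigit():
            continue
        cves = PRECONDITIONS.get((INVENTORY.get(dst), int(dport)))
        if cves and not is_mgmt(src):
            findings.append((src, dst, int(dport), cves))
    return findings

if __name__ == "__main__":
    for src, dst, dport, cves in exposed_flows(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{dport} allowed; review for {', '.join(cves)}")
```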
Impact
- Remote code execution
- Information disclosure
Affected Vendors
VMware
Affected Products
- VMware ESXi
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
Remediation
Refer to the vendor advisory for the complete list of affected products and their respective patches.
https://www.vmware.com/security/advisories/VMSA-2021-0002.html