CVE-2021-21972, CVE-2021-21974: VMware vCenter Server and ESXI Vulnerabilities Alert

Comments Off on CVE-2021-21972, CVE-2021-21974: VMware vCenter Server and ESXI Vulnerabilities Alert
CVE-2021-21972

On February 23, 2021, VMware had released risk notices for the vCenter Server and ESXi. VMware fixed two high-risk vulnerabilities in ESXi and vSphere Client (HTML5). Malicious attackers with access to network ports can execute arbitrary code through the vulnerabilities.

Vulnerability Detail

CVE-2021-21972: remote code execution vulnerability in the vSphere Client

A malicious attacker with access to port 443 can send a carefully constructed request to vCenter Server, which will eventually cause remote arbitrary code execution.

CVE-2021-21974: ESXi OpenSLP heap-overflow vulnerability

A malicious attacker who is on the same network segment as ESXI and has access to port 427 can construct a malicious request packet to trigger a heap overflow vulnerability in the OpenSLP service and ultimately cause remote code execution.

Affected version

  • VMware ESXi: 7.0/6.7/6.5
  • VMware vCenter Server: 7.0/6.7/6.5

Unaffected version

  • VMware vCenter Server: 7.0.U1c/6.7.U3l/6.5 U3n
  • VMware ESXi: ESXi70U1c-17325551/ESXi670-202102401-SG/ESXi650-202102101-SG

Solution

In this regard, we recommend that users upgrade vCenter Server and ESXi products to the latest version in time.

The post CVE-2021-21972, CVE-2021-21974: VMware vCenter Server and ESXI Vulnerabilities Alert appeared first on InfoTech News.

Related Articles

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
Live Chat
RESOURCES
Get Started
TOOLBOX
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook
Twitter
Google-plus
Wordpress