
Product Security Alert:
Critical Bug on VMware vCenter Servers

May 27, 2021

Urgency/Severity: HIGH

Issue / Vulnerability?

VMware released advisory VMSA-2021-0010, which reports that the vSphere Client (HTML5) contains a remote code execution vulnerability caused by a lack of input validation in the Virtual SAN Health Check plug-in. VMware has evaluated the severity of this issue to be in the Critical severity range, with a maximum CVSSv3 base score of 9.8. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. The affected Virtual SAN Health Check plug-in is enabled by default in all vCenter Server deployments, whether or not vSAN is being used.


Who is affected?

Businesses using VMware vCenter Server and VMware Cloud Foundation in their environment.


Remediation/Action Plan

Apply the workaround as soon as possible, as described in this article:

https://kb.vmware.com/s/article/83829


Cornerstone.IT