We have been made aware of a newly discovered remote code execution vulnerability in the Virtual SAN Health Check plugin for VMware vCenter. The plugin helps administrators manage the storage that supports these virtual environments.
What is a remote code execution vulnerability?
In this instance, a remote code execution vulnerability allows an attacker to exploit the plugin to gain full control of a vCenter system and potentially the machines that run your virtual infrastructure.
What can we do?
Luckily, you can quickly mitigate this issue by disabling the plugin. If you're not sure how to do this, the steps are in the VMware article on disabling plugins listed at the end of this post. New versions of vCenter that address the problem have also been released, so you can restore the use of the plugin safely.
Please note: Ultima Managed Service customers that benefit from our patching service and are affected by this vulnerability will be remediated as quickly as possible.
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workaround | Additional Resources |
|---|---|---|---|---|---|---|---|---|
| vCenter Server | 7.0 | Any | CVE-2021-21985 | 9.8 | Critical | 7.0 U2b | KB83829 | FAQ |
| vCenter Server | 6.7 | Any | CVE-2021-21985 | 9.8 | Critical | 6.7 U3n | KB83829 | FAQ |
| vCenter Server | 6.5 | Any | CVE-2021-21985 | 9.8 | Critical | 6.5 U3p | KB83829 | FAQ |
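
The following is an added example, not code from VMware or from the original post, that checks an inventory of vCenter release labels against the fixed versions in the table above. The host names and inventory are constructed, and the `major.minor U<number><letter>` label format and its ordering are assumptions based on the naming used in the table.

```python
import re

# Fixed releases per vCenter line, taken from the table on this page.
FIXED = {"7.0": "7.0 U2b", "6.7": "6.7 U3n", "6.5": "6.5 U3p"}

# Assumed label format: 'major.minor', optionally followed by 'U<number><letter>'.
_LABEL = re.compile(r"^\s*(\d+\.\d+)(?:\s*U(\d+)([a-z]?))?\s*$", re.IGNORECASE)

def parse_release(label):
    """Split '6.7 U3n' into ('6.7', 3, 'n'); a bare '7.0' is update 0, no letter."""
    m = _LABEL.match(label)
    if not m:
        raise ValueError(f"unrecognised release label: {label!r}")
    line, update, letter = m.groups()
    return line, int(update or 0), (letter or "").lower()

def status(label):
    """Return 'fixed', 'vulnerable' or 'unknown' for one vCenter release label."""
    try:
        line, update, letter = parse_release(label)
    except ValueError:
        return "unknown"
    if line not in FIXED:
        return "unknown"  # line not covered by the table; consult the advisory
    _, fixed_update, fixed_letter = parse_release(FIXED[line])
    # Tuple comparison: update number first, then letter ('' sorts before 'a').
    return "fixed" if (update, letter) >= (fixed_update, fixed_letter) else "vulnerable"

def triage(inventory):
    """Map each host in {host: release label} to its status."""
    return {host: status(label) for host, label in inventory.items()}

# Constructed inventory for illustration; host names are hypothetical.
SAMPLE = {
    "vc-prod-01": "7.0 U2a",
    "vc-prod-02": "7.0 U2b",
    "vc-dr-01": "6.7 U3n",
    "vc-lab-01": "6.5 U3k",
    "vc-old-01": "6.0 U3",
    "vc-test-01": "7.0",
}

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:8} {result}")
```

Hosts reported as `unknown` run a release line the table does not cover and need to be checked against the VMware advisory directly.
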
• VMware bulletin on the vulnerability: VMSA-2021-0010 (vmware.com)
• Disabling the plugin: How to Disable VMware Plugins in vCenter Server (83829)