Critical Vulnerability Found In VMware vCenter
Chris Watkins
Head of Security
27/05/2021

We have been made aware of a newly discovered remote code execution vulnerability in a VMware vCenter plugin known as the Virtual SAN Health Check. This plugin helps administrators manage the storage that supports their virtual environments.

What is a remote code execution vulnerability?

In this instance, a remote code execution vulnerability allows an attacker to exploit the plugin to gain full control of a vCenter system and potentially the machines that run your virtual infrastructure. 

What can we do?

Luckily, you can quickly mitigate this issue by disabling the plugin. If you’re not sure how this can be done, the steps involved are in VMware KB 83829, listed under Further Reading. New versions of vCenter have also been released that address the problem, so you can restore the use of the plugin safely.

Please note: Ultima Managed Service customers that benefit from our patching service and are affected by this vulnerability will be remediated as quickly as possible.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workaround | Additional Resources |
|---|---|---|---|---|---|---|---|---|
| vCenter Server | 7.0 | Any | CVE-2021-21985 | 9.8 | Critical | 7.0 U2b | KB83829 | FAQ |
| vCenter Server | 6.7 | Any | CVE-2021-21985 | 9.8 | Critical | 6.7 U3n | KB83829 | FAQ |
| vCenter Server | 6.5 | Any | CVE-2021-21985 | 9.8 | Critical | 6.5 U3p | KB83829 | FAQ |
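
To find which vCenter servers still need the workaround or an upgrade, the fixed versions in the table above can be compared against an inventory. The following is an added example, not VMware's or Ultima's code; it assumes each server's release is recorded as an update label such as "6.7 U3n", and the hostnames and function names are constructed for illustration.

```python
import re

# Fixed releases for CVE-2021-21985, taken from the table above, keyed by branch.
FIXED = {"7.0": "U2b", "6.7": "U3n", "6.5": "U3p"}

# Accepts "7.0", "6.7 U3n" or "6.7 Update 3n" (label format is an assumption).
_LABEL = re.compile(r"^(\d+\.\d+)(?:\s+(?:U|Update\s*)(\d+)([a-z]?))?$", re.IGNORECASE)


def parse_release(label):
    """Split '6.7 U3n' into ('6.7', (3, 'n')); a GA release '7.0' gives ('7.0', (0, ''))."""
    m = _LABEL.match(label.strip())
    if not m:
        raise ValueError(f"unrecognised release label: {label!r}")
    branch, num, letter = m.groups()
    return branch, (int(num or 0), (letter or "").lower())


def triage(label):
    """Return 'patched', 'vulnerable' or 'unknown' for one release label."""
    try:
        branch, level = parse_release(label)
    except ValueError:
        return "unknown"
    if branch not in FIXED:
        return "unknown"  # branch is not listed in the advisory table
    _, fixed_level = parse_release(f"{branch} {FIXED[branch]}")
    # Tuples compare update number first, then the letter suffix ('' < 'a' < 'b' ...).
    return "patched" if level >= fixed_level else "vulnerable"


def needs_action(inventory):
    """Hosts that are vulnerable or could not be classified and need a manual check."""
    return [(host, triage(label)) for host, label in inventory
            if triage(label) != "patched"]


# Constructed sample inventory (hostnames and releases are made up).
SAMPLE_INVENTORY = [
    ("vc-prod.example.internal", "7.0 U2a"),
    ("vc-dr.example.internal", "7.0 U2b"),
    ("vc-lab.example.internal", "6.7 Update 3n"),
    ("vc-old.example.internal", "6.5 U3k"),
    ("vc-misc.example.internal", "build 17958471"),
]

if __name__ == "__main__":
    for host, status in needs_action(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Servers reported as "unknown" need a manual check, and any server reported as "vulnerable" should have the plugin disabled per KB83829 until it is upgraded.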

Further Reading:

•    VMware bulletin on the vulnerability: VMSA-2021-0010 (vmware.com)
•    Disabling the plugin: How to Disable VMware Plugins in vCenter Server (83829)

