In the latest vulnerability developments, software organization VMware has reported and patched a critical vulnerability in their vCenter Server.
Critical VMware bug compromised vital factors:
The vCenter Server of VMware is employed for handling virtualization in substantial data centers.
It is primarily deployed for administering the company’s ESXI host and vSphere products which are one of VMware’s most widespread virtualization products.
Severe implications of leaving vulnerable:
According to the VMware advisory that was published for the vulnerability, the vCenter systems using the default configurations contain a security hole that facilitates the scenario for the execution of malicious code when the vulnerable systems are accessible via exposure on the internet.
This is possible in many networks being in a very critical space since the vulnerability, tracked as CVE-2021-21985, has a striking 9.8 out of 10 on the severity score.
Security experts are of the opinion that successful exploitation of the vulnerability leads to a hacker being able to command the virtualization layer like the ESXi, which allows access to the OS layer as well as other security controls.
“The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server,” noted the vulnerability advisory.
“VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8… A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.”
The software organization has since suggested that the repercussions of the critical vCenter vulnerability are rather severe and in requirement of a prompt update.
If statistics by trusted sources are to be considered, there are over 5600 public-facing vCenter systems, a majority of which exist in major data centers hosting TBs of sensitive, vulnerable data.
Some of the significant names in such a list would be Amazon, Hetzner Online GmbH, OVH SAS, and Google.
vCenter versions 6.5, 6.7, and 7.0 are vulnerable to this high-severity bug. Organizations with vulnerable machines are highly recommended to prioritize this patch.