Around two weeks ago VMware announced a new series of RCE (Remote Code Executions) about some of products, especially two primary components of vSphere in versions of 6.5, 6.7, 7.0: ESXi and vCenter Server, and also Cloud Foundation (3x, 4.x). Three CVEs has been published for these security vulnerabilities and most of them is related to the HTML5 version of vSphere client (HTTPS:443). Because it will give the attackers unrestricted access to execute commands. To read more about these security breaches (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974) you can read the VMSA-2021-0002.
In the following I mentioned a brief of their known targets:
21972: Let the attacker execute an RCE with unrestricted privileges on the VCSA via accessing port 443 on the network.
21973: Let to attacker send a POST request to VCSA HTML5 on port 443, and lead to information disclosure because of an SSRF (Server Side Request Forgery) vulnerability.
21974: Grant the attacker access to the ESXi via RCE on port 427 to trigger the heap-overflow issue in OpenSLP service.
Also for more information about another vulnerability about the vSphere Replication, read the VMSA-2021-0001
No comments:
Post a Comment