If successfully exploited, CVE-2021-21972 would allow an adversary with access to port 443 to remotely execute commands with unrestricted privileges on the underlying operating system hosting VMware vCenter Server. VMware evaluates the severity of this issue to be Critical in their severity range. Proof-of-concept code to exploit the vulnerability has been published online.
The ACSC strongly encourages users and administrators to review the VMware advisory for CVE-2021-21972 (VMSA-2021-0002) and update their systems promptly. The ACSC also recommends that enterprises restrict the exposure of management interfaces, both internally and externally to their enterprise.
Further information about CVE-2021-21972 is available on VMware’s website.