VMware vCenter Server plugin remote code execution vulnerability (CVE-2021-21972)

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises users of VMware vCenter Server products, including as part of VMware Cloud Foundation, to ensure their systems are promptly patched after the recent disclosure of a new remote code execution vulnerability.
Alert status
HIGH

If successfully exploited, CVE-2021-21972 would allow an adversary with access to port 443 to remotely execute commands with unrestricted privileges on the underlying operating system hosting VMware vCenter Server. VMware evaluates the severity of this issue to be Critical in their severity range. Proof of concept code to exploit the vulnerability has been published online.

The ACSC strongly encourages users and administrators to review the VMware advisory for CVE-2021-21972 (VMSA-2021-0002) and update their systems promptly. The ACSC recommends that enterprises should restrict the exposure of management interfaces internally and externally to their enterprise.

Further information about CVE-2021-21972 is available on VMware’s website.

Was this information helpful?

Thanks for your feedback!

 
Optional

Tell us why this information was helpful and we’ll work on making more pages like it

Icon for ReportReport a cyber security incident for critical infrastructure Icon for becoming a alertsGet alerts on new threatsAlert Service Icon for becoming a partnerBecome anACSC partner Icon for reportingReport a cybercrime or cyber security incident
Authorised by the Australian Government, Canberra