VMware vCenter Server plugin remote code execution vulnerability (CVE-2021-21972)

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises users of VMware vCenter Server products, including as part of VMware Cloud Foundation, to ensure their systems are promptly patched after the recent disclosure of a new remote code execution vulnerability.

Alert status: HIGH

If successfully exploited, CVE-2021-21972 would allow an adversary with network access to port 443 to remotely execute commands with unrestricted privileges on the operating system hosting VMware vCenter Server. VMware rates the severity of this issue as Critical. Proof of concept code to exploit the vulnerability has been published online.

The ACSC strongly encourages users and administrators to review the VMware advisory for CVE-2021-21972 (VMSA-2021-0002) and update their systems promptly. The ACSC also recommends that enterprises restrict exposure of management interfaces, both internally and externally.
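The recommendation to restrict exposure of management interfaces can be enforced at the network boundary in front of the vCenter host. The following nftables ruleset is an added example, not part of the ACSC alert or any VMware documentation; it assumes a Linux gateway that forwards traffic for a management segment, with placeholder addresses (10.0.10.0/24 for the administrator jump-host network and 10.0.20.5 for the vCenter Server appliance) that must be replaced with the real values for your environment.

```nftables
#!/usr/sbin/nft -f
# Added example: limit who can reach the vCenter management interface on TCP 443.
# Addresses below are constructed placeholders, not values from the advisory.

define vcenter_host   = 10.0.20.5          # assumed vCenter Server appliance
define admin_net      = 10.0.10.0/24       # assumed administrator jump-host network
define mgmt_ports     = { 443 }            # vCenter web/API interface named in the alert

table inet mgmt_plane {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Keep established sessions flowing in both directions.
        ct state established,related accept

        # Only the administrator network may open connections to the vCenter management port.
        ip saddr $admin_net ip daddr $vcenter_host tcp dport $mgmt_ports accept

        # Everything else destined for the vCenter management port is dropped and logged,
        # so unexpected internal or external sources show up in the gateway logs.
        ip daddr $vcenter_host tcp dport $mgmt_ports log prefix "vcenter-mgmt-denied: " drop
    }
}
```

Load the ruleset with `nft -f <file>` on the gateway, then review the `vcenter-mgmt-denied:` log entries: any source other than the administrator network attempting to reach port 443 on the vCenter host indicates exposure that should be investigated, independently of whether the patch from VMSA-2021-0002 has already been applied.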

Further information about CVE-2021-21972 is available on VMware’s website.