VMware vCenter Vulnerability with Critical RCE, CVSSv3 Score 9.8 of 10

By Randy Becker, VP & Principal Security Architect

Yesterday, May 25th, VMware announced two new vulnerabilities in their vCenter management platform. This impacts many production vCenter deployments, regardless of whether you are using VMware Virtual SANs. VMware is providing both a workaround and a fix for affected versions of vCenter. We recommend reading all the details before taking any action: the workaround can impact functionality if you are using vSAN, so read thoroughly. Per VMware: “This needs your immediate attention if you are using vCenter Server.”

Who is impacted by this?

Customers using VMware vCenter 6.5, 6.7, and 7.0.

When do you need to do something?

Per VMware: “Right now.”
Per our usual recommendations, follow proper change control and testing to ensure there are not any negative impacts.

Do you have VMware vCenter 6.5, 6.7, and 7.0?
VMware posted two new vulnerabilities yesterday. The first, CVE-2021-21985, is rated critical with a CVSSv3 base score of 9.8 out of 10. The second, CVE-2021-21986, is a vulnerability in the vSphere authentication mechanism with a CVSSv3 base score of 6.5 out of 10. The latest patches are listed on the VMware Security Advisories site, under Fixed Version(s) and Release Notes.

Who does this impact?

Customers using VMware vCenter 6.5, 6.7, and 7.0. There is also a helpful blog from VMware that covers much more detail on these vulnerabilities.
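As an added example (not code from this post or from VMware), here is a small Python triage helper that sorts an inventory of vCenter appliances into patched, workaround-only and exposed, keyed on the three affected trains named above. The fixed build numbers, appliance names and inventory records are constructed placeholders; the real fixed builds come from the Fixed Version(s) column of the VMware advisory.

```python
"""Triage helper for the vCenter advisory: which appliances are patched,
which rely on the workaround only, and which are still exposed."""
import json

# The three vCenter trains the post names as impacted.
AFFECTED_TRAINS = ("6.5", "6.7", "7.0")

# ASSUMPTION / PLACEHOLDER: first fixed build per train. These numbers are
# constructed for the example; replace them with the "Fixed Version(s)"
# builds from the VMware Security Advisory before using this for real.
FIXED_BUILD = {"6.5": 6500, "6.7": 6700, "7.0": 7000}


def train_of(version):
    """Reduce a full appliance version such as '7.0.2.00100' to its train '7.0'."""
    major, minor = version.split(".")[:2]
    return "%s.%s" % (major, minor)


def assess(appliance):
    """Classify one appliance record: patched, mitigated-unpatched, exposed,
    or not-in-advisory (train not listed in the post; check the advisory)."""
    train = train_of(appliance["version"])
    if train not in AFFECTED_TRAINS:
        return "not-in-advisory"
    if int(appliance["build"]) >= FIXED_BUILD[train]:
        return "patched"
    # The workaround reduces exposure but is not the fix, so keep it distinct.
    if appliance.get("workaround_applied"):
        return "mitigated-unpatched"
    return "exposed"


def triage(inventory_json):
    """Return (name, status) pairs sorted by name for a JSON list of appliances."""
    records = json.loads(inventory_json)
    return sorted((r["name"], assess(r)) for r in records)


# Constructed sample inventory (hypothetical names, versions and builds).
SAMPLE_INVENTORY = json.dumps([
    {"name": "vc-dc1", "version": "7.0.2.00100", "build": "7001"},
    {"name": "vc-dc2", "version": "6.7.0.48000", "build": "6650", "workaround_applied": False},
    {"name": "vc-lab", "version": "6.5.0.36000", "build": "6400", "workaround_applied": True},
    {"name": "vc-old", "version": "6.0.0.30000", "build": "5000"},
])

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY):
        print("%-8s %s" % (name, status))
```

Appliances reported as "mitigated-unpatched" still need the patch scheduled through change control; the workaround only buys time.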

CVE-2021-21985 is a Remote Code Execution (RCE) vulnerability, meaning that anyone with network access to the vCenter server and the exploit code can exploit it. Often, people believe that because these vulnerabilities are inside the network, they are protected. In today’s world, I am a firm believer in “assume the breach,” meaning that we assume the threat actors are already on the network looking and waiting to strike.

Directly from the VMware blog: “In this era of ransomware, it is safest to assume that an attacker is already inside the network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible.”

What should we be doing:
• Follow proper change control processes
• Test your patches before rolling into production
• Ensure you have immutable backups of all systems. That way, if the worst happens, you have a method of recovering.

If you need help with this security threat, please reach out to your GreenPages Account Manager or reach out to us!



Randy is responsible for GreenPages’ overall cyber security strategy, including developing comprehensive policies and procedures to protect critical applications while ensuring business agility and velocity. With more than 30 years in the IT industry, Randy has strong expertise in cyber security and risk management; security operations and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation. Randy is also a HITRUST Certified CSF Practitioner (CCSFP) which ensures clients have access to the highest level of expertise related to privacy, security, compliance, and risk management.
