GreenPages Blog


VMware vCenter Vulnerability with Critical RCE, CVSSv3 Score 9.8 of 10

By Randy Becker, VP & Principal Security Architect

Yesterday, May 25th, VMware announced two new vulnerabilities in its vCenter management platform. These affect many production vCenter deployments, regardless of whether you are using VMware Virtual SANs. VMware is providing a workaround and a fix for affected versions of vCenter. We recommend reading all the details before taking any action. The workarounds could impact functionality if you are using vSAN, so read thoroughly. Per VMware: “This needs your immediate attention if you are using vCenter Server.”


Who is impacted by this?

Customers using VMware vCenter 6.5, 6.7, and 7.0.

When do you need to do something?

Per VMware: “Right now.”
Per our usual recommendations, follow proper change control and testing to ensure there are not any negative impacts.

Do you have VMware vCenter 6.5, 6.7, or 7.0?
VMware posted two new vulnerabilities yesterday. The first, CVE-2021-21985, is in the critical severity range with a CVSSv3 base score of 9.8 out of 10. The second, CVE-2021-21986, is a vulnerability in the vSphere authentication mechanism and has a CVSSv3 base score of 6.5 out of 10. The latest patches can be viewed on the VMware Security Advisories site here, under Fixed Version(s) and Release Notes.

Who does this impact?

Customers using VMware vCenter 6.5, 6.7, and 7.0. There is also a helpful blog from VMware that covers much more detail on these vulnerabilities.

CVE-2021-21985 is a Remote Code Execution (RCE) vulnerability, meaning that anyone who is on the network and has the exploit code could exploit it. Often, people believe that because these vulnerabilities are inside the network, they are protected. In today’s world, I am a firm believer in "assume the breach," meaning that we assume the threat actors are already on the network, looking and waiting to strike.

Directly from the VMware blog: “In this era of ransomware, it is safest to assume that an attacker is already inside the network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible.”

What should we be doing:
• Follow proper change control processes
• Test your patches before rolling into production
• Ensure you have immutable backups of all systems. That way, if the worst happens, you have a method of recovering.

If you need help with this security threat, please reach out to your GreenPages Account Manager or reach out to us!

 



Randy is responsible for GreenPages’ overall cyber security strategy, including developing comprehensive policies and procedures to protect critical applications while ensuring business agility and velocity. With more than 30 years in the IT industry, Randy has strong expertise in cyber security and risk management; security operations and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation. Randy is also a HITRUST Certified CSF Practitioner (CCSFP) which ensures clients have access to the highest level of expertise related to privacy, security, compliance, and risk management.

 
