Critical remote code execution flaw in thousands of VMware vCenter servers remains unpatched

Researchers have warned that thousands of internet-facing VMware vCenter servers still harbor critical vulnerabilities weeks after patches were released. The vulnerabilities impact VMware vCenter Server, a centralized management utility.

VMware issued patches for two critical bugs, CVE-2021-21985 and CVE-2021-21986, on May 25. The first security flaw, CVE-2021-21985, impacts VMware vCenter Server and VMware Cloud Foundation and has been issued a CVSS score of 9.8. This bug was found in a vSAN plugin, enabled by default in the application, and allows attackers to achieve remote code execution (RCE) if they have access to port 443.
