CVE-2021-21972 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in VMware vCenter Server and VMware Cloud Foundation affects v. VMware vCenter Server 7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n and VMware Cloud Foundation 4.x before 4.2 and 3.x before 3.10.1.2.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 seconds
Time Interval
4 weeks
Scan only one
URL
Toolbox
-
The VMware vCenter Server and VMware Cloud Foundation are essential products designed to ensure efficient management of data center infrastructure. The vCenter Server allows administrators to control multiple virtual machines from a single centralized location, while Cloud Foundation enhances the scalability and flexibility of VMware-based private and hybrid cloud deployments. These products are particularly suitable for enterprises looking to streamline their data center operations and optimize resource utilization.
However, security researchers have recently detected a significant vulnerability in these products, identified as CVE-2021-21972. This remote code execution vulnerability can be exploited by attackers with access to port 443, enabling them to execute arbitrary commands with unrestricted privileges on the operating system hosting vCenter Server. This vulnerability affects various versions of VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n), as well as VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
If exploited, the CVE-2021-21972 vulnerability can lead to severe consequences such as complete data loss, data theft, and system compromise. Attackers can execute malicious code, modify files, and delete sensitive data from an extensive range of connected virtual machines. Subsequently, they can gain unauthorized access to sensitive information and infiltrate further into the network, posing potential threats to business operations and reputation.
By identifying security vulnerabilities that put their digital assets at risk, organizations can take appropriate actions and precautions to avoid data breaches and system compromise. Thanks to the pro features of the s4e.io platform, users can access information about vulnerabilities such as CVE-2021-21972 quickly and effectively. With the platform's expansive database of security threats, users can ensure constant monitoring and protection of their digital assets.
REFERENCES
