Vulnerability in VMware product has severity rating of 9.8 out of 10

Remote code execution flaw in vCenter Server poses "serious" risk to data centers.

Data centers around the world have a new concern to contend with—a remote code vulnerability in a widely used VMware product. The vulnerability has a severity score of 9.8 out of 10.

The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, a tool used for managing virtualization in large data centers. It’s used to administer VMware’s vSphere and ESXi host products, which by some rankings are the first and second most popular virtualization solutions on the market. Enlyft, a site that provides business intelligence, shows that more than 43,000 organizations use vSphere.

“Serious”

A VMware advisory said that vCenter machines using default configurations have a bug that allows for the execution of malicious code when they’re reachable on a port that’s exposed to the Internet in many networks. The vulnerability is tracked as CVE-2021-21985.

“The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server,” Tuesday’s advisory stated. “VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8... A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.”


In response to the frequently asked question “When do I need to act?”, company officials wrote: “Immediately, the ramifications of this vulnerability are serious.”

Independent researcher Kevin Beaumont agreed.

“vCenter is a virtualization management software,” he said in an interview. “If you hack it, you control the virtualization layer (e.g., VMware ESXi)—which allows access before the OS layer (and security controls). This is a serious vulnerability so organizations should patch, or restrict access to the vCenter server to authorised administrators.”

Shodan, a service that catalogs sites available on the Internet, shows that there are almost 5,600 public-facing vCenter machines. Most or all of those reside in large data centers potentially hosting terabytes of sensitive data. Shodan shows that the top users with vCenter servers exposed on the Internet are Amazon, Hetzner Online GmbH, OVH SAS, and Google.

CVE-2021-21985 is the second vCenter vulnerability this year to carry a 9.8 rating. Within a day of VMware patching the earlier flaw in February, proof-of-concept exploits appeared from at least six different sources. The disclosure set off a frantic round of mass Internet scans, as attackers and defenders alike searched for vulnerable servers.

vCenter versions 6.5, 6.7, and 7.0 are all affected. Organizations with vulnerable machines should prioritize this patch. Those who can’t install immediately should follow Beaumont’s workaround advice. VMware has more workaround guidance here.

VMware credited Ricter Z of 360 Noah Lab for reporting this issue.
