Critical vulnerabilities in VMware vCenter Server; update now

In a security advisory, VMware notified its customers that it has fixed a server-side request forgery (SSRF) vulnerability and an arbitrary file read vulnerability in vCenter Server. According to the advisory, the flaws could be actively exploited, which would put thousands of deployments at risk.

The first flaw, tracked as CVE-2021-21980, is described as an arbitrary file read vulnerability in the vSphere Web Client; a threat actor with network access to port 443 could exploit it to extract sensitive data.

The second flaw, CVE-2021-22049, is the SSRF vulnerability and resides in the vSAN Web Client plugin; exploiting it would allow malicious hackers to reach port 443 on vCenter Server or other internal services.

No functional workarounds are known at this time, so administrators of affected deployments are encouraged to upgrade as soon as possible. The company adds that thousands of vCenter servers are exposed and discoverable over the Internet, so these updates should not be skipped.

A few weeks ago, a wave of active exploitation of CVE-2021-22005 was reported, a vCenter vulnerability that likewise required only network access to port 443, so active exploitation of these two new vulnerabilities is a realistic prospect.

At that time, VMware also notified its customers of the fix of a critical privilege escalation flaw in vCenter Server. Patches have not yet been released for all users, who are advised to stay on top of any updates from the company.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.