Critical vulnerability in VMware products; update affected systems before potential ransomware campaign

VMware has announced the remediation of a critical vulnerability in its vCenter Server platform whose exploitation would allow threat actors to take complete control of the affected system. The vulnerability received a score of 9.8/10 on the Common Vulnerability Scoring System (CVSS).

The situation is aggravated by the sharp increase in ransomware attacks that rely on exploiting similar flaws, so affected systems should be updated as soon as possible.

Tracked as CVE-2021-21985, the vulnerability resides in vCenter Server, a widely used platform for managing VMware host products such as vSphere. In this regard, researcher Claire Tills notes: “Fixing and patching these vulnerabilities should be a priority for administrators of affected implementations, as a successful attack would allow malicious hackers to execute arbitrary commands on the underlying hosts.”

Tills adds that exploiting the flaw is relatively straightforward, as threat actors only require access to vCenter Server through port 443: “Hackers can access this point even if administrators don’t expose vCenter externally,” the researcher says.

It is not all bad news: although the flaw received a high CVSS score, the number of vulnerable targets is relatively low. According to Jerry Gamblin of Kenna Security, around 6,000 vCenter deployments are believed to be exposed to this attack: “This is a tiny radius of exploitation considering how popular this tool is.”

The expert refers to both CVE-2021-21985 and CVE-2021-21986, a second vCenter Server vulnerability reported just a few days ago that resides in the platform's plugin authentication mechanism. This second flaw received a CVSS score of 6.5/10.

The VMware report also notes that both flaws have already been addressed, so administrators of affected deployments can consult the complete upgrade guide on the company’s official channels. For those unable to upgrade, VMware has also published a set of workarounds.
