NOTIFIED: VMware vCenter Server Security Vulnerability (CVE-2021-21974)

CDI Security

The team at CDI is aware of a current threat known as CVE-2021-21974, a critical vulnerability that affects VMware vCenter Server.

In the ever-evolving world of cybersecurity, it’s essential to stay vigilant and aware of the latest threats. Below are insights into this security issue, along with links to patch and correct this vulnerability.

What is the issue:

VMware vCenter Server is a central management solution for VMware vSphere environments, and it plays a crucial role in managing virtualized environments.

The vulnerability allows attackers to take control of the vCenter Server and compromise the virtual infrastructure, leading to data breaches, unauthorized access, and even the spread of malware. The vulnerability was discovered and privately reported to VMware.

How it is exploited:

To exploit the vulnerability, an attacker only needs to send a specially crafted request to the vCenter Server, which can lead to the execution of malicious code with elevated privileges. This makes the vulnerability particularly dangerous, as attackers can gain complete control of the vCenter Server and the virtual infrastructure.

How to fix this issue:

This vulnerability impacts vCenter Server versions 6.5, 6.7, and 7.0, and with them the corresponding product suite, Cloud Foundation versions 3 and 4. VMware has released patches for all three versions to address the vulnerability, and it is recommended that all users apply these updates as soon as possible.

If you or your team require assistance with this, please contact your CDI account manager or fill out this form.

Additional resources:

CDI Security


CDI’s Security Solutions Group is responsible for ensuring clients have access to the best-of-breed resources to help make sound security decisions. CDI’s team of seasoned professionals from varying backgrounds (i.e. Risk, Audit, Engineering) enables us to provide a unique set of skills and support to each client partnership.