【CVE-2021-21972】 Vulnerability, Detection and Prevention
Jul 21, 2022
A remote code execution (RCE) vulnerability allows a threat actor to run arbitrary code and commands on a target machine or its underlying operating system. On a system with such a vulnerability, a remote unauthenticated attacker injects a file, string, or application package into the program's parser, leading to an attack that can ultimately compromise the application server. The CVE-2021-21972 vCenter Server vulnerability is a remote code execution flaw affecting the vCenter Server plugin in the HTML5 vSphere Client. In applications that run on such vulnerable systems, a threat actor can issue arbitrary commands through HTTP port 443 with unrestricted privileges.
In this article, we discuss the CVE-2021-21972 vulnerability and the approaches to detect and prevent remote code execution attacks that exploit it.
CVE-2021-21972 Vulnerability Explained
CVE-2021-21972 is a remote code execution vulnerability that allows attackers to run code on the operating systems that host VMware vCenter Server. The vulnerability is present on VMware machines that use the vRealize Operations vSphere plugin, enabling attackers to issue malicious commands through publicly accessible ports. Because the vRealize Operations vCenter plugin is included in all default installations of vCenter Server, the VMware vClient endpoints are considered vulnerable regardless of whether they use vRealize Operations for cloud automation.
Affected software configurations