Click to Register VMware has patched three vulnerabilities in its virtual-machine infrastructure for data centers, the most serious of which is a remote code execution (RCE) flaw in its vCenter Server management platform. The vulnerability could allow attackers to breach the external perimeter of an enterprise data center or leverage backdoors already installed on a system to find other vulnerable points of network entry to take over affected systems. Positive Technologies researcher Mikhail Klyuchnikov discovered two of the flaws in vCenter Server, the centralized management and automation platform for VMware’s vSphere virtualization platform, which—given VMware’s dominant position in the market—is used by the majority of enterprise data centers. Among its duties, vCenter Server manages virtual machines, multiple ESXi hypervisor hosts and other various dependent components from a central management dashboard. Where the VMware Flaws Were Found, What’s Effected? The researcher found the most critical of the flaws, which is being tracked as CVE-2021-21972 and has a CVSS v3 score of 9.8, in a vCenter Server plugin for vROPs in the vSphere Client functionality, according to an advisory posted online Tuesday by VMware. “A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server,” the company said. The plugin is available in all default…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-02-24 12:14:002021-02-24 12:14:00VMWare Patches Critical RCE Flaw in vCenter Server
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org