VMware vCenter Vulnerability
Date of Notice: 9/21/2021
Action Level - Critical
Description: VMware vCenter Vulnerability (VMSA-2021-0020)
MCNC would like to make you aware of several VMware vulnerabilities. VMware is addressing multiple CVEs under the single advisory ID VMSA-2021-0020. Among these 19 CVEs are remote code execution (RCE) and privilege escalation vulnerabilities.
The VMware blog provides more information here. The full list of vulnerabilities and their specific details is available here.
Affected Devices
- VMware vCenter Server versions
  - 6.5
  - 6.7
  - 7.0
Attack Vector
There are multiple vulnerabilities with multiple attack vectors. The most important is network-based, reachable via port 443. Non-admin users with access to vCenter Server can also exploit the privilege escalation vulnerability.
Attack Feasibility
No information has been released regarding feasibility.
Mitigations
VMware has specified mitigations beyond applying the patches. In addition, general security best practices, such as proper network segmentation, exposing only the devices that need to be reachable from the internet, and enforcing least-privilege rules, will help prevent these vulnerabilities from being exploited.
Remediation