H-ISAC TLP White Vulnerability Bulletin: Multiple Vulnerabilities in VMware vSphere Client (HTML5)

On June 4, 2021, Cybersecurity and Infrastructure Security Agency (CISA) published an alert, Unpatched VMware vCenter Software, related to the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation.

Although patches were made available on May 25, 2021, unpatched systems remain an attractive target and attackers can exploit this vulnerability to take control of an unpatched system.  VMware vCenter Server and VMware Cloud Foundation are part of the underlying infrastructure for most organizations with on-premises network management. 

Reference(s):
VMware, CISA, VMware, VMware, VMware

CVE(s)
CVE-2021-21985

Recommendations:
CISA encourages state and local governments, critical infrastructure entities, including healthcare, and other private sector organizations to review VMSA-21-0010, blogpost, and FAQ for more information about the vulnerability and apply the necessary updates as soon as possible, even if out-of-cycle work is required.

If your organization cannot immediately apply the update, then apply the workarounds in the interim. 

Sources

https://www.vmware.com/security/advisories/VMSA-2021-0010.html https://www.vmware.com/security/advisories/VMSA-2021-0010.html https://blogs.vmware.com/vsphere/2021/05/vmsa-2021-0010.html https://core.vmware.com/resource/vmsa-2021-0010-faq https://kb.vmware.com/s/article/83829

Alert ID eaa2a133