Threat Response: VMware Remote Code Execution Vulnerabilities

25-02-2021

On Tuesday the 23rd of February, VMware published a patch to resolve multiple critical vulnerabilities. These vulnerabilities affect the VMware products ESXi, vCenter Server, and Cloud Foundation. They are listed under CVE-2021-21972, CVE-2021-21974, and CVE-2021-21973.

Impact

The vulnerabilities CVE-2021-21972 and CVE-2021-21973 enable an attacker who has access to port 443 to execute commands with unrestricted privileges. Vulnerability CVE-2021-21974 applies to ESXi and Cloud Foundation and makes it possible for an attacker with access to port 427 to exploit a memory vulnerability, after which remote code can be executed. The impact of these vulnerabilities is estimated as high.

Risk

There is a publicly available Proof of Concept for CVE-2021-21972 and CVE-2021-21973 [2]. Therefore, the risk of an attacker exploiting these vulnerabilities is high. For CVE-2021-21974 there is no Proof of Concept available yet; Northwave estimates the risk for this vulnerability as medium.

Mitigation

VMware has provided patches to resolve the listed vulnerabilities. Northwave advises applying these patches immediately on ESXi, vCenter Server, and Cloud Foundation instances. At this time there are no other known mitigation techniques.

Northwave

Northwave will monitor any developments regarding this vulnerability. If new critical information about this threat arises, we will reach out to you. If you need additional information you can call us by phone or send us an email.

Phone number: +31 (0)30-303 1244 (during business hours)
E-mail: [email protected]
Do you have an incident right now? Call our CERT number: +31 (0)85-0437 909 or 0800-1744 (only from the Netherlands)

Disclaimer applies, see below.

Sources

[1]: https://www.vmware.com/security/advisories/VMSA-2021-0002.html

[2]: https://swarm.ptsecurity.com/unauth-rce-vmware/

 

Disclaimer
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.