VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform that could allow an attacker to take control of affected systems.
With vCenter Server, IT administrators can manage virtualized hosts and virtual machines in corporate environments from a single console.
Critical RCE with an almost perfect severity rating
The privately reported vulnerability is tracked as CVE-2021-21972 and has a CVSSv3 base score of 9.8 out of 10, according to VMware’s security advisory.
CVE-2021-21972 was reported by Mikhail Klyuchnikov of Positive Technologies and can be exploited remotely by unauthenticated attackers in low-complexity attacks that require no user interaction.
“The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plug-in,” said VMware in the advisory.
“A malicious actor with network access to port 443 can exploit this problem to …