VMware vCenter Server Remote Code Execution Vulnerability

Added Nov. 3, 2021 • Due Nov. 17, 2021 • CVE-2021-21972

Overdue VMware / vCenter Server Known Ransomware Use CWE-23

Description

VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.

Required Action

Apply updates per vendor instructions.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-21972

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 7 months, 3 weeks ago