Overview
Multiple vulnerabilities have been reported to VMware, and updates are now available to remediate them in the affected VMware products.
Due to the severity of some of these known vulnerabilities, it is highly recommended to upgrade affected systems as soon as practicable.
Detail
The most severe of the VMware vulnerabilities (CVE-2021-22005) has a CVSS base score of 9.8. A malicious actor with network access to port 443 on vCenter may exploit this issue to execute code by uploading a specially crafted file.
Other vulnerabilities include local privilege escalation, reflected XSS, unauthorised file deletion and denial-of-service.
Products affected:
- VMware vCenter Server
- Cloud Foundation
Updates available for:
- vSphere versions 6.5, 6.7 and 7.0
- vCloud Foundation versions 3.10.2.2 and 4.3.1
For more information about each vulnerability and the available updates, please visit:
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
Recommended Action
Frequently monitor and review security updates for all of your systems, services and devices.
Implement security patches as soon as practicable.
See the ‘5 Steps to Cyber Security’ guidance on our Advice & Guidance page for more on how to better protect your organisation.
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.