{"id":7541,"date":"2021-05-31T20:27:06","date_gmt":"2021-06-01T03:27:06","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7541"},"modified":"2023-04-05T12:40:14","modified_gmt":"2023-04-05T19:40:14","slug":"cve-2021-21985-patch-this-vmware-trending-vulnerability","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/cve-2021-21985-patch-this-vmware-trending-vulnerability\/","title":{"rendered":"CVE-2021-21985: Patch this Trending VMware Vulnerability"},"content":{"rendered":"

On the 25th<\/sup> of May 2021, VMware published an advisory<\/a> warning of two vulnerabilities – CVE-2021-21985 and CVE-2021-21986 – in their vCenter Server and Cloud Foundation products. Researchers at Cyber Security Works (CSW) analysed these vulnerabilities from a Pentester\u2019s perspective and here is their verdict.<\/p>\n

\n

\u201cIf not patched, a hacker could exploit CVE-2021-21985 to execute commands with unrestricted privileges on the host operating system and compromise the same.\u201d<\/b><\/p>\n

A Pentester\u2019s Perspective<\/p>\n<\/blockquote>\n

Malicious Attackers on the Hunt for Unpatched VMware vCenter Versions<\/h3>\n

A week after CSW\u2019s analysis of CVE-2021-21985, our prediction about attackers targeting unpatched VMware vCenter versions is coming true. Recently, a security researcher published a proof of concept<\/a> Remote Code Execution (RCE) exploit code on June 2, 2021. Two days later, CISA <\/a>noticed that threat actors were scouring the Internet for unpatched vCenter servers to misuse the vulnerability. Further attempts were also identified<\/a> in the wild, where attackers tried to compromise servers that ran vulnerable software versions.<\/p>\n

CVE-2021-21985 : Why is it so dangerous?<\/h3>\n