Critical VMWare Vulnerability CVE-2021-21972

3/04/2021

The actively exploited vulnerability tracked as (CVE-2021-21972) allows attacker to upload files and execute commands without any authorized privileges.

Overview

VMware issued patches for Critical severity flaws in ESXi and vCenter server.
Positive Technologies discovered a vulnerability in VMware vCenter/vSphere which allows an unauthenticated attacker to execute code remotely on the VMware hypervisor (CVE-2021-21972).
An updated patch version in release of ESXi patches was first reported to vendor on 2nd October 2020 and then a patch was released by VMware on 23 February 2021.

Overview

VMware issued patches for Critical severity flaws in ESXi and vCenter server.

Positive Technologies discovered a vulnerability in VMware vCenter/vSphere which allows an unauthenticated attacker to execute code remotely on the VMware hypervisor (CVE-2021-21972).

An updated patch version in release of ESXi patches was first reported to vendor on 2nd October 2020 and then a patch was released by VMware on 23 February 2021.