VMware has released security updates to address multiple vulnerabilities—CVE-2021-21972, CVE-2021-21973, CVE-2021-21974—in ESXi, vCenter Server, and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0002 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we’d welcome your feedback.

References

www.vmware.com/security/advisories/VMSA-2021-0002.html

vmware 1

rapid7blog 8

threatpost 1

nessus 4

trellix 4

checkpoint_advisories 2

ibm 2

githubexploit 28

thn 8

cisa_kev 2

wizblog 1

cve 3

hivepro 1

attackerkb 5

nuclei 2

packetstorm 5

zdi 1

prion 3

zdt 5

redhatcve 1

wallarmlab 2

seebug 2

qualysblog 3

exploitdb 2

malwarebytes 2

cisa 1

securelist 1

ics 1

vmware

VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)

2021-02-23 00:00:00

rapid7blog

VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability: What You Need to Know

2021-02-24 22:22:14

Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974

2023-02-09 18:36:28

Ransomware Campaign Compromising VMware ESXi Servers

2023-02-06 15:00:57

threatpost

VMWare Patches Critical RCE Flaw in vCenter Server

2021-02-24 17:14:55

nessus

VMware vCenter Server 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2021-0002)

2021-02-25 00:00:00

ESXi 6.5 / 6.7 / 7.0 RCE (VMSA-2021-0002)

2021-02-25 00:00:00

VMware vCenter Server SSRF (CVE-2021-21973) (Direct Check)

2022-08-23 00:00:00

trellix

Global ESXiArgs ransomware attack on the back of a two-year-old vulnerability

2023-02-09 00:00:00

Global ESXiArgs ransomware attack on the back of a two-year-old vulnerability

2023-02-09 00:00:00

The Bug Report – February 2023 Edition

2023-03-01 00:00:00

checkpoint_advisories

VMware vSphere Client Remote Code Execution (CVE-2021-21972; CVE-2021-21973)

2021-02-28 00:00:00

VMWare OpenSLP Heap Buffer Overflow (CVE-2019-5544; CVE-2021-21974)

2020-02-26 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities in VMware affect IBM Cloud Pak System

2021-10-05 12:18:32

Security Bulletin: Vulnerability identified in VMware component affects Cloud Pak System (CVE-2021-21974)

2023-03-20 11:30:50

githubexploit

Exploit for Improper Privilege Management in Vmware Cloud Foundation

2021-10-03 23:03:11

Exploit for Improper Privilege Management in Vmware Cloud Foundation

2021-04-06 10:38:40

Exploit for Improper Privilege Management in Vmware Cloud Foundation

2021-10-03 23:03:11

thn

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

2021-02-24 07:54:00

New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers

2023-02-04 05:30:00

New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool

2023-02-11 13:36:00

cisa_kev

VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability

2022-03-07 00:00:00

VMware vCenter Server Remote Code Execution Vulnerability

2021-11-03 00:00:00

wizblog

Ransomware attacks targeting VMware ESXi servers: everything you need to know

2023-02-07 12:26:52

cve

CVE-2021-21974

2021-02-24 17:15:00

CVE-2021-21973

2021-02-24 17:15:00

CVE-2021-21972

2021-02-24 17:15:00

hivepro

The ESXiArgs ransomware attack is targeting VMware ESXi servers globally

2023-02-09 06:52:24

attackerkb

CVE-2021-21973

2021-02-24 00:00:00

CVE-2021-21974

2021-02-24 00:00:00

VMware vSphere Client Unauth Remote Code Execution Vulnerability — CVE-2021-21972

2021-02-24 00:00:00

nuclei

VMware vSphere - Server-Side Request Forgery

2022-01-27 10:20:44

VMware vSphere Client (HTML5) - Remote Code Execution

2021-02-25 00:37:02

packetstorm

VMware ESXi OpenSLP Heap Overflow

2021-06-03 00:00:00

VMware vCenter Server 7.0 Arbitrary File Upload

2021-03-01 00:00:00

VMware vCenter 6.5 / 7.0 Remote Code Execution Proof Of Concept

2021-02-24 00:00:00

zdi

VMware ESXi SLP Heap-based Buffer Overflow Remote Code Execution Vulnerability

2021-02-24 00:00:00

prion

Server side request forgery (ssrf)

2021-02-24 17:15:00

Heap overflow

2021-02-24 17:15:00

Remote code execution

2021-02-24 17:15:00

zdt

VMware ESXi OpenSLP Heap Overflow Exploit

2021-06-03 00:00:00

VMware vCenter Server 7.0 - Unauthenticated File Upload Exploit

2021-03-01 00:00:00

VMware vCenter 6.5 / 7.0 Remote Code Execution Exploit

2021-02-24 00:00:00

redhatcve

CVE-2021-21974

2023-02-07 18:56:17

wallarmlab

Why WAFs can’t catch VMware CVE-2021-21972 Remote Code Execution Exploit?

2021-03-08 20:22:27

Web vulnerabilities exploit weekly digest #1. March 8-15th 2021. VMware vCenter and Apache OFBiz RCE.

2021-03-16 18:22:00

seebug

ESXi OpenSLP堆溢出漏洞（CVE-2021-21974）

2021-05-25 00:00:00

VMware vCenter Server远程代码执行漏洞（CVE-2021-21985）

2021-05-26 00:00:00

qualysblog

Ransomware Targets Outdated VMware ESXi Hypervisors: Protect Your Systems Now!

2023-02-08 00:39:02

CISA Alert: Top 15 Routinely Exploited Vulnerabilities

2022-05-06 12:19:24

Qualys Response to CISA Alert: Binding Operational Directive 22-01

2021-11-09 06:15:01

exploitdb

VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)

2021-06-24 00:00:00

VMware vCenter Server 7.0 - Unauthenticated File Upload

2021-03-01 00:00:00

malwarebytes

[update]Two year old vulnerability used in ransomware attack against VMware ESXi

2023-02-06 04:00:00

New ESXiArgs encryption routine outmaneuvers recovery methods

2023-02-14 06:00:00

cisa

CISA Adds 11 Known Exploited Vulnerabilities to Catalog 

2022-03-07 00:00:00

securelist

IT threat evolution Q1 2021. Non-mobile statistics

2021-05-31 10:00:05

ics

2021 Top Routinely Exploited Vulnerabilities

2022-04-28 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for CISA:CB32DB4C2EA92462F387E1DA6C08F57E