By The Integrity360 Team on May 27, 2021

VMWare VCE- 2021-21985 Advisory

Breaches, Alerts & Advisories

Relevant CVE: CVE-2021-21985

On the 25th May VMWare announced new vulnerabilities and fixes for VMWare vCenter Server, including critical CVEs. These vulnerabilities affect all VMWare vCenter Server customers, and VMWare is strongly recommending VMWare vCenter Server systems be updated to fixed versions as soon as possible


The Threat 

The following critical vulnerabilities in VMWare vCenter Server were disclosed.

CVE-2021-21985 (VMSA-2021-0010)

CVE-2021-21985 consists of a remote code execution vulnerability in vSphere client (HTML5) due to an absence of input validation in the VSAN Health Check plug in, as this is enabled by default an attacker with network access to port 443 may be able to execute malicious code with elevated privileges on the host OS which the vCenter server sits on.

If affected systems are public facing, firewall logs should be audited for compromise, as per VMWare recommendations customers should take “steps to implement more perimeter security controls (firewalls, ACLs, etc.) on the management interfaces of their infrastructure."

In their disclosure VMWare specifically highlights the ability of ransomware gangs to utilize this type of vulnerability post exploitation.
CVSS score: 9.8 (Critical)


The Impact

Integrity360 has not yet observed any real cases of the vulnerabilities being exploited in the wild as of the time this advisory was written. Integrity360 will continue to monitor our customer’s estates and the wild with extra care and due diligence for threat actors looking to capitalise on these critical vulnerabilities.



VMWare customers should update their VMWare vCenter Server systems to the latest, most secure, and best-performing versions. There are resources available about the vulnerabilities and how to update or upgrade the affected VMWare vCenter Server systems on the following link VMSA-2021-0010.


Affected Systems

Product: vCenter Server + 6.5, 6.7, 7.0


More information


Sign up to receive the latest insights

Join our cyber security community to stay up to date with the latest news, insights, threat intel and more right in your inbox.  All you have to do is choose how often.