vCenter Server is VMware’s unified management utility, and it is used to handle virtual machines, various ESXi hosts, and other resources. A flaw in VMware vCenter/vSphere that enables an anonymized hacker to execute code on the VMware hypervisor remotely (CVE-2021-21972). Every malicious user who can connect to port 443 on your vCenter server can fully compromise the system, its files, and any VMs it holds.
Mitigation / Precaution
- Ensure that no single vCenter property is directly accessible through the internet.Since a local network computer may be used to hack internal hosts, prioritise patching as soon as possible.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.