Two critical vulnerabilities have been highlighted for vSphere Client today. One is "improper input validation" (CVE-2021-21985) and the other is "improper authentication" (CVE-2021-21986).
[ CVE Description ]
[*] CVE_ID : CVE-2021-21986
[_] Desc : The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.
[_] C:2021-01-04 / P:2021-05-26 / L:2021-06-03
[*] Vuln Risk : 44.4856
[*] Exploited [trend] : 0 [holding]
[_] Exploit/likehood : False/0.1308% confidence
[*] Malware sample : 0
[*] Exploits/POC : [0]
[_] Fixes : [4]
[_] Threat Actors : [0]
[_] CVSS2 / CVSS3 : [ 10.0 / 9.8 ]
[_] Vuln Products : [55]
[ CVE Malware Family Info : None ]
[ CVE Description ]
[*] CVE_ID : CVE-2021-21985
[_] Desc : The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
[_] C:2021-01-04 / P:2021-05-26 / L:2021-06-03
[*] Vuln Risk : 37.0714
[*] Exploited [trend] : 0 [holding] [RCE]
[_] Exploit/likehood : False/0.5650% confidence
[*] Malware sample : 0
[*] Exploits/POC : [0]
[_] Fixes : [4]
[_] Threat Actors : [0]
[_] CVSS2 / CVSS3 : [ 10.0 / 9.8 ]
[_] Vuln Products : [55]
[ CVE Malware Family Info : None ]
[ High_Profile_Vulnerability ]
[!!!] CVE-2021-21986 (44.4856) : []
[!!!] CVE-2021-21985 (37.0714) : []
** [5] threads completed [4 tasks] / [10.7 KB] within [2.98 sec].