CVE-2021-21972, CVE-2021-21974: VMware vCenter Server and ESXi Vulnerabilities Alert
On February 23, 2021, VMware released risk notices for vCenter Server and ESXi. VMware fixed two high-risk vulnerabilities in ESXi and vSphere Client (HTML5). Malicious attackers with access to network ports can execute arbitrary code through these vulnerabilities.
Vulnerability Detail
CVE-2021-21972: remote code execution vulnerability in the vSphere Client
CVE-2021-21974: ESXi OpenSLP heap-overflow vulnerability
Affected version
- VMware ESXi: 7.0/6.7/6.5
- VMware vCenter Server: 7.0/6.7/6.5
Unaffected version
- VMware vCenter Server: 7.0 U1c/6.7 U3l/6.5 U3n
- VMware ESXi: ESXi70U1c-17325551/ESXi670-202102401-SG/ESXi650-202102101-SG
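
An added example, not part of the original alert or of VMware's advisory: a Python check that classifies vCenter Server release labels from an inventory against the fixed releases listed above. It assumes that releases within a branch order by update number and then letter suffix; the function names, hostnames and sample labels are constructed. ESXi is left out because its fixes are listed by build and patch IDs rather than update labels.

```python
import re

# Fixed vCenter Server releases, taken from the "Unaffected version" list above.
FIXED = {"7.0": (1, "c"), "6.7": (3, "l"), "6.5": (3, "n")}

# Matches labels such as "6.7 U3l", "7.0.U1c", "6.5U3" or a bare "7.0" (no update).
LABEL = re.compile(r"^\s*(\d+\.\d+)(?:[\s.]*[Uu](\d+)([a-z]?))?\s*$")


def parse_label(label):
    """Return (branch, (update, letter)), or None if the label is not understood."""
    m = LABEL.match(label)
    if not m:
        return None
    branch, update, letter = m.groups()
    return branch, (int(update or 0), letter or "")


def classify(label):
    """Classify one vCenter Server release label against the fixed releases."""
    parsed = parse_label(label)
    if parsed is None:
        return "unparsed"          # needs a manual look, never assume "fixed"
    branch, level = parsed
    if branch not in FIXED:
        return "unlisted-branch"   # the alert says nothing about this branch
    # Assumption: within a branch, releases order by update number, then letter.
    return "fixed" if level >= FIXED[branch] else "affected"


def audit(inventory):
    """Map hostname -> classification for a {hostname: label} inventory."""
    return {host: classify(label) for host, label in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory: hostnames and labels are sample values.
    sample = {
        "vc-a.example.internal": "7.0 U1c",
        "vc-b.example.internal": "6.7 U3",
        "vc-c.example.internal": "6.5.U3n",
        "vc-d.example.internal": "7.0",
        "vc-e.example.internal": "appliance-unknown",
    }
    for host, status in sorted(audit(sample).items()):
        print(f"{host}: {status}")
```

Labels reported as `unparsed` or `unlisted-branch` are not cleared by this check and need to be verified by hand.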