#VU53596 Improper Authentication in vCenter Server and Cloud Foundation


Published: 2021-05-26

Vulnerability identifier: #VU53596

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21986

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
vCenter Server
Server applications / Virtualization software
Cloud Foundation
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests to the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A remote non-authenticated attacker can bypass the authentication process and perform actions that the affected plug-ins expose, without valid credentials.

Mitigation
Install updates from the vendor's website. The vendor advisory linked below also describes a workaround, disabling the affected plug-ins, for deployments that cannot be patched immediately; treat it as temporary and verify the patched build after updating.

Vulnerable software versions

vCenter Server: 6.5 - 7.0.0

Cloud Foundation: 3.0 - 4.2


External links
http://www.vmware.com/security/advisories/VMSA-2021-0010.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

