VMware vCenter Server local privilege escalation vulnerability (CVE-2021-21991)
CVE number = CVE-2021-21991
The VMware vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens.
A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash).
To remediate CVE-2021-21991 apply the updates – see https://www.vmware.com/security/advisories/VMSA-2021-0020.html
A supplemental blog post was created for additional clarification. Please see: https://via.vmw.com/vmsa-2021-0020-faq
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.