
VMware vCenter Server local privilege escalation vulnerability (CVE-2021-21991)

CVE number = CVE-2021-21991

VMware vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens.

A malicious actor with non-administrative user access on the vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash).

To remediate CVE-2021-21991, apply the updates listed in the VMware advisory: https://www.vmware.com/security/advisories/VMSA-2021-0020.html

A supplemental blog post was created for additional clarification. Please see: https://via.vmw.com/vmsa-2021-0020-faq

Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security and a wide range of other skills in radio, electronics and telecommunications.
