CVE-2021-21973: Server Side Request Forgery (SSRF) vulnerability in VMware vSphere Client (HTML5) allows remote attackers to access sensitive information.


Description

The VMware vSphere Client (HTML5) contains a Server Side Request Forgery (SSRF) vulnerability (CWE-918) due to improper validation of URLs in a vCenter Server plugin. An unauthenticated attacker with network access to port 443 can exploit this vulnerability by sending specially crafted POST requests to the vCenter Server plugin. Successful exploitation allows the attacker to send requests from the vCenter Server to internal services and potentially access sensitive information not intended for external users. This vulnerability affects multiple versions of VMware vCenter Server and VMware Cloud Foundation.

Overview

The vulnerability (CVE-2021-21973) exists in the VMware vSphere Client's HTML5 interface, which fails to properly validate URLs in a vCenter Server plugin. This SSRF vulnerability allows attackers to send unauthorized requests from the affected server to other systems that might be inaccessible directly from the attacker's position. The vulnerability is particularly concerning because:

  1. It can be exploited remotely by unauthenticated attackers
  2. It only requires network access to port 443 (HTTPS)
  3. It affects multiple versions of critical VMware infrastructure products
  4. It can lead to information disclosure from internal systems
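The root cause named above is CWE-918: the server fetches a URL it was handed without checking where that URL actually points. The following is an added example of the kind of outbound-URL check that closes that gap; it is not VMware's code or the vulnerable plugin's code. The allowlisted hosts, the accepted port, and the constructed DNS answers (including one allowlisted name deliberately mapped to an internal address) are assumptions for the demonstration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed allowlist: the only external hosts this server-side fetch may reach.
ALLOWED_HOSTS = {"updates.example.com", "api.example.com"}
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {None, 443}          # None means the scheme default


def is_internal_address(ip: str) -> bool:
    """True for loopback, RFC 1918, link-local and other non-routable ranges."""
    addr = ipaddress.ip_address(ip)
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_outbound_url(url: str, resolver=socket.gethostbyname) -> str:
    """Return "ok" if the server may fetch url, otherwise a short rejection reason.

    The checks run in order: scheme, embedded credentials, host allowlist, port,
    and finally the address the host resolves to, so that a name pointed at an
    internal address is still refused. resolver is injectable for offline tests.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return "credentials in URL"        # user@host forms can disguise the real host
    host = parts.hostname                  # urlsplit already lowercases this
    if not host:
        return "missing host"
    if host not in ALLOWED_HOSTS:
        return "host not in allowlist"     # also rejects raw IP literals
    try:
        port = parts.port
    except ValueError:
        return "invalid port"
    if port not in ALLOWED_PORTS:
        return "port not allowed"
    try:
        resolved = resolver(host)
    except OSError:
        return "unresolvable host"
    if is_internal_address(resolved):
        return "resolves to internal address"
    return "ok"


# Constructed DNS answers so the example runs offline. The second entry models an
# allowlisted name that has been pointed at a private address.
FAKE_DNS = {"updates.example.com": "93.184.216.34", "api.example.com": "10.1.2.3"}


def fake_resolver(host: str) -> str:
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise OSError("no answer for " + host)


if __name__ == "__main__":
    for candidate in ("https://updates.example.com/manifest.json",
                      "http://updates.example.com/",
                      "https://updates.example.com@10.0.0.5/",
                      "https://127.0.0.1/",
                      "https://api.example.com/"):
        print(candidate, "->", check_outbound_url(candidate, fake_resolver))
```

Resolving the name and checking the resulting address is the step most simple validators omit; an allowlist on the host string alone does not help when the name itself can be made to resolve somewhere internal.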

Affected products include:

  • VMware vCenter Server 7.x before 7.0 U1c
  • VMware vCenter Server 6.7 before 6.7 U3l
  • VMware vCenter Server 6.5 before 6.5 U3n
  • VMware Cloud Foundation 4.x before 4.2
  • VMware Cloud Foundation 3.x before 3.10.1.2

Remediation

To address this vulnerability, VMware recommends the following actions:

  1. Update to the latest patched versions of the affected products:

    • vCenter Server 7.0: Upgrade to version 7.0 U1c or later
    • vCenter Server 6.7: Upgrade to version 6.7 U3l or later
    • vCenter Server 6.5: Upgrade to version 6.5 U3n or later
    • VMware Cloud Foundation 4.x: Upgrade to version 4.2 or later
    • VMware Cloud Foundation 3.x: Upgrade to version 3.10.1.2 or later
  2. If immediate patching is not possible, consider implementing the following temporary mitigations:

    • Restrict access to vCenter Server management interfaces (port 443) using network segmentation
    • Implement strict firewall rules to limit which systems can connect to the vCenter Server
    • Monitor for suspicious POST requests to the vCenter Server
  3. After patching, conduct a thorough security review to determine if any unauthorized access occurred prior to remediation.
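The second mitigation above asks operators to watch for suspicious POST requests to vCenter. The script below is an added example of one way to do that from an access log, not a VMware tool: it flags POST requests whose source address lies outside the management networks that segmentation is supposed to permit. The log lines are constructed in a generic combined format, the management subnet is assumed, and the plugin endpoint in the sample paths is a placeholder rather than the real vCenter plugin path.

```python
import ipaddress
import re
from collections import Counter

# Constructed access-log sample. The plugin path is a placeholder; the real
# endpoint is not given on this page and is deliberately not guessed here.
SAMPLE_LOG = """\
10.20.0.15 - - [24/Feb/2021:10:01:12 +0000] "GET /ui/ HTTP/1.1" 200 5123
10.20.0.15 - - [24/Feb/2021:10:01:20 +0000] "POST /ui/login HTTP/1.1" 302 0
198.51.100.77 - - [24/Feb/2021:10:03:41 +0000] "POST /ui/PLUGIN-ENDPOINT-PLACEHOLDER HTTP/1.1" 200 812
198.51.100.77 - - [24/Feb/2021:10:03:42 +0000] "POST /ui/PLUGIN-ENDPOINT-PLACEHOLDER HTTP/1.1" 200 812
192.0.2.9 - - [24/Feb/2021:10:05:02 +0000] "GET /ui/ HTTP/1.1" 200 5123
192.0.2.9 - - [24/Feb/2021:10:05:09 +0000] "POST /ui/PLUGIN-ENDPOINT-PLACEHOLDER HTTP/1.1" 200 812
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line: str):
    """Split one combined-format line into its fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_posts(lines, management_nets):
    """Return the POST records whose source is not inside any management network.

    A source that is not a parsable IP address (a hostname written into the
    log) is also returned, since it cannot be matched against the allowlist.
    """
    nets = [ipaddress.ip_network(n) for n in management_nets]
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        try:
            src = ipaddress.ip_address(rec["src"])
        except ValueError:
            hits.append(rec)
            continue
        if not any(src in net for net in nets):
            hits.append(rec)
    return hits


def sources_by_count(hits):
    """Rank flagged source addresses by how many POSTs each sent."""
    return Counter(h["src"] for h in hits).most_common()


if __name__ == "__main__":
    hits = suspicious_posts(SAMPLE_LOG.splitlines(), ["10.20.0.0/24"])  # assumed management subnet
    for h in hits:
        print(h["ts"], h["src"], h["method"], h["path"], h["status"])
    print(sources_by_count(hits))
```

Restricting the filter to POSTs from outside the management networks keeps the rule independent of the plugin path, which the advisory does not name; once patching is complete, the same output is a reasonable starting point for the post-remediation review in step 3.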

References

  1. VMware Security Advisory VMSA-2021-0002: https://www.vmware.com/security/advisories/VMSA-2021-0002.html
  2. Common Weakness Enumeration (CWE-918): Server Side Request Forgery (SSRF)
  3. NIST National Vulnerability Database: CVE-2021-21973

Industry Exposure (most to least affected)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Health Care & Social Assistance
  3. Professional, Scientific, & Technical Services
  4. Arts, Entertainment & Recreation
  5. Public Administration
  6. Retail Trade
  7. Accommodation & Food Services
  8. Administrative, Support, Waste Management & Remediation Services
  9. Agriculture, Forestry, Fishing & Hunting
  10. Construction
  11. Educational Services
  12. Finance and Insurance
  13. Information
  14. Management of Companies & Enterprises
  15. Mining
  16. Other Services (except Public Administration)
  17. Real Estate Rental & Leasing
  18. Transportation & Warehousing
  19. Utilities
  20. Wholesale Trade
