CVE-2021-21994

9.8CRITICAL

Key Information:

Vendor: Vmware
Status: Vmware Esxi And Vmware Cloud Foundation
Vendor: CVE Published:; 13 July 2021

Summary

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

Affected Version(s)

VMware ESXi and VMware Cloud Foundation VMware ESXi(7.0 before ESXi70U2-17630552, 6.7 before ESXi670-202103101-SG, 6.5 before ESXi650-202107401-SG) and VMware Cloud Foundation (4.x, 3.x before 3.10.2)

References

https://www.vmware.com/security/advisories/VMSA-2021-0014...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
Jan 4, 2021