The Cybersecurity and Infrastructure Security Agency (CISA) published a notice regarding cyber threat actors that are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation.
Although patches were made available on May 25, 2021, unpatched systems remain an attractive target and attackers can exploit this vulnerability to take control of an unpatched system. VMware vCenter Server and VMware Cloud Foundation are part of the underlying infrastructure for most agencies with on-premises network management.
CISA is encouraging private sector organizations, including medical and dental providers, to review VMware’s VMSA-21-0010, blogpost, and FAQ for more information about the vulnerability and apply the necessary updates as soon as possible, even if it would mean pushing updates outside of your normal patch schedule. If your organization cannot immediately apply the update, then apply the workarounds in the interim.
We encourage you to forward the information in this alert to your IT vendor for immediate action.