TR-21-0402 (VMware Security Vulnerability)

General Information

An Information Disclosure and Remote Code Execution vulnerability has been identified in the VMware vCenter Server product.

Impact

Because of this vulnerability, attackers may be able to cause damage on the systems they target. The CVE identifiers are:

CVE-2021-21985 and CVE-2021-21986

Solution

The National Cyber Incident Response Center (USOM) recommends that system administrators apply the VMware updates that have been released.

References

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-vmware-products-could-allow-for-information-disclosure_2021-070/

https://isc.sans.edu/diary/rss/27458

https://www.bleepingcomputer.com/news/security/vmware-warns-of-critical-bug-affecting-all-vcenter-server-installs/

https://blogs.vmware.com/vsphere/2021/05/vmsa-2021-0010.html

https://www.vmware.com/products/vcenter-server.html

https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21985

https://www.vmware.com/security/advisories/VMSA-2021-0010.html

https://www.itnews.com.au/news/vmware-says-critical-vcenter-server-bug-needs-immediate-attention-565049?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+Technology+feed

https://www.itsecuritynews.info/critical-rce-vulnerability-found-in-vmware-vcenter-server-patch-now/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+ItSecurityNewsAggregated+%28IT+Security+News%29

2021-05-26