vSphere Replication updates address a command injection vulnerability (CVE-2021-21976)

vSphere Replication contains a post-authentication command injection vulnerability in the “Startup Configuration” page. VMware has evaluated this issue to be ‘Important’ severity with a maximum CVSSv3 base score of 7.2.

A malicious actor with administrative access in vSphere Replication can execute shell commands on the underlying system. Successful exploitation of this issue may allow an authenticated admin user to perform remote code execution.

To remediate CVE-2021-21976, apply the relevant patches.

Further information and patch details are available at https://www.vmware.com/security/advisories/VMSA-2021-0001.html

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.
