vulnerability

vCenter Server local privilege escalation vulnerability (VMSA-2021-0020) (CVE-2021-21991)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:N/C:P/I:P/A:P)	Sep 21, 2021	Jan 21, 2022	Jan 24, 2022

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:P/A:P)

Published

Sep 21, 2021

Added

Jan 21, 2022

Modified

Jan 24, 2022

Description

The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash).

Solution

vmware-vcenter-cve-2021-21991-upgrade-latest

References

CVE-2021-21991
https://attackerkb.com/topics/CVE-2021-21991
URL-https://www.vmware.com/security/advisories/VMSA-2021-0020.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today