Vulnerability CVE-2021-21994

Vulnerability CVE-2021-21994

Published: 2021-07-13

Description:

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	6.4/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Vmware -> Cloud foundation
Vmware -> ESXI

References:

https://www.vmware.com/security/advisories/VMSA-2021-0014.html

Copyright 2024, cxsecurity.com