{"id":3421,"date":"2021-03-10T22:42:23","date_gmt":"2021-03-10T19:42:23","guid":{"rendered":"https:\/\/csirt.lacnic.net\/?p=3421"},"modified":"2021-03-10T22:51:02","modified_gmt":"2021-03-10T19:51:02","slug":"critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974","status":"publish","type":"post","link":"https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974","title":{"rendered":"Critical Vulnerabilities in VMware ESXi and vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)"},"content":{"rendered":"\n<p>The of these vulnerabilities is identified as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-21972\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2021-21972<\/a> and classified as critical. It allows remote code execution on the underlying operating system when the vSphere Client (HTML5) can be accessed over the network. This vulnerability is found in a vSphere Client (HTML5) plugin installed by default on the server.<\/p>\n\n\n\n<p>To exploit this vulnerability, a malicious actor must execute commands through the affected server&#8217;s vulnerable URL.<\/p>\n\n\n\n<p>The affected versions and their security fixes are as follows:<\/p>\n\n\n\n<figure class=\"wp-block-table tabla\"><table><tbody><tr><td>Product<\/td><td>Version<\/td><td>CVSSv3<\/td><td>Severity<\/td><td>Fixed Version<\/td><\/tr><tr><td>vCenter Server<\/td><td>7.0<\/td><td><a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1%23CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">9.8<\/a><\/td><td>Critical<\/td><td><a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/7.0\/rn\/vsphere-vcenter-server-70u1c-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">7.0 U1c<\/a><\/td><\/tr><tr><td>vCenter Server<\/td><td>6.7<\/td><td><a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1%23CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">9.8<\/a><\/td><td>Critical<\/td><td><a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/6.7\/rn\/vsphere-vcenter-server-67u3l-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">6.7 U3l<\/a><\/td><\/tr><tr><td>vCenter Server<\/td><td>6.5<\/td><td><a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1%23CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">9.8<\/a><\/td><td>Critical<\/td><td><a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/6.5\/rn\/vsphere-vcenter-server-65u3n-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">6.5 U3n<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>The next vulnerability is classified as important and identified as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-21974\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2021-21974<\/a>. A malicious actor who has access to ESXi hypervisor TCP\/UDP port 427 can remotely execute code by performing a heap-overflow attack in the OpenSLP service.<\/p>\n\n\n\n<p>The affected versions and their security fixes are as follows:<\/p>\n\n\n\n<figure class=\"wp-block-table tabla\"><table><tbody><tr><td>Product<\/td><td>Version<\/td><td>CVE Identifier<\/td><td>CVSSv3<\/td><td>Fixed version<\/td><\/tr><tr><td>ESXi<\/td><td>7.0<\/td><td>CVE-2021-21974<\/td><td><a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1%23CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">8.8<\/a><\/td><td>ESXi70U1c-17325551<\/td><\/tr><tr><td>ESXi<\/td><td>6.7<\/td><td>CVE-2021-21974<\/td><td><a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1%23CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">8.8<\/a><\/td><td>ESXi670-202102401-SG<\/td><\/tr><tr><td>&nbsp;ESXi<\/td><td>6.5<\/td><td>CVE-2021-21974<\/td><td><a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1%23CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">8.8<\/a><\/td><td>ESXi650-202102101-SG<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>The third vulnerability is identified as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-21973\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2021-21973<\/a>, it is classified as moderately critical, and found in a vSphere Client (HTML5). According to VMware, it is possible to perform an SSRF (Server-Side Request Forgery) attack through an improperly validated URL on the vCenter server-side.<\/p>\n\n\n\n<p>To exploit the vulnerability, a malicious actor needs access to port 443 to send a POST request to the vulnerable URL.<\/p>\n\n\n\n<p>Both the CVE-2021-21972 and the CVE-2021-21973 vulnerabilities can be fixed by updating the system or following the workaround instructions offered in the <a href=\"https:\/\/kb.vmware.com\/s\/article\/82374\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">KB82374<\/a><strong> <\/strong>guide.<\/p>\n\n\n\n<p>In GitHub there are proofs of concept for both vulnerabilities. This aggravates the problem, as the vulnerability might be exploited without having any knowledge of VMware technology.<\/p>\n\n\n\n<figure class=\"wp-block-table tabla\"><table><tbody><tr><td>Product<\/td><td>Version<\/td><td>Fixed version<\/td><td>Workarounds<\/td><\/tr><tr><td>vCenter Server<\/td><td>7.0<\/td><td><a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/7.0\/rn\/vsphere-vcenter-server-70u1c-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">7.0 U1c<\/a><\/td><td><a href=\"https:\/\/kb.vmware.com\/s\/article\/82374\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">KB82374<\/a><\/td><\/tr><tr><td>vCenter Server<\/td><td>6.7<\/td><td><a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/6.7\/rn\/vsphere-vcenter-server-67u3l-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">6.7 U3l<\/a><\/td><td><a href=\"https:\/\/kb.vmware.com\/s\/article\/82374\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">KB82374<\/a><\/td><\/tr><tr><td>vCenter Server<\/td><td>6.5<\/td><td><a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/6.5\/rn\/vsphere-vcenter-server-65u3n-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">6.5 U3n<\/a><\/td><td><a href=\"https:\/\/kb.vmware.com\/s\/article\/82374\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">KB82374<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Recommendation<\/strong><strong><\/strong><\/h2>\n\n\n\n<p>LACNIC CSIRT recommends installing the latest version of each system and avoiding exposing services to the Internet.<\/p>\n\n\n\n<p>It is advisable to analyze web server logs to detect potential exploitations of this vulnerability. Based on exploits that have been made public, the following URI paths should be targeted:<\/p>\n\n\n\n<p><strong>\u201c\/ui\/vropspluginui\/rest\/services\/uploadova\u201d<\/strong><strong><\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>More information<\/strong><strong><\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0002.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0002.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The of these vulnerabilities is identified as CVE-2021-21972 and classified as critical. It allows remote code execution on the underlying operating system when the vSphere Client (HTML5) can be accessed over the network. This vulnerability is found in a vSphere Client (HTML5) plugin installed by default on the server. To exploit this vulnerability, a malicious [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[46,24],"tags":[],"class_list":["post-3421","post","type-post","status-publish","format-standard","hentry","category-archive","category-security-alerts"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>LACNIC CSIRT - Critical Vulnerabilities in VMware ESXi and vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LACNIC CSIRT - Critical Vulnerabilities in VMware ESXi and vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)\" \/>\n<meta property=\"og:description\" content=\"The of these vulnerabilities is identified as CVE-2021-21972 and classified as critical. It allows remote code execution on the underlying operating system when the vSphere Client (HTML5) can be accessed over the network. This vulnerability is found in a vSphere Client (HTML5) plugin installed by default on the server. To exploit this vulnerability, a malicious [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974\" \/>\n<meta property=\"og:site_name\" content=\"LACNIC CSIRT\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-10T19:42:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-03-10T19:51:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/csirt.lacnic.net\/wp-content\/uploads\/lacnic-csirt-2020.png\" \/>\n\t<meta property=\"og:image:width\" content=\"680\" \/>\n\t<meta property=\"og:image:height\" content=\"330\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Gianni Arena\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@lacnic_csirt\" \/>\n<meta name=\"twitter:site\" content=\"@lacnic_csirt\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/security-alerts\\\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/security-alerts\\\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974\"},\"author\":{\"name\":\"Gianni Arena\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#\\\/schema\\\/person\\\/d5c65fde1dbe338128788dcc20e9f5d3\"},\"headline\":\"Critical Vulnerabilities in VMware ESXi and vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)\",\"datePublished\":\"2021-03-10T19:42:23+00:00\",\"dateModified\":\"2021-03-10T19:51:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/security-alerts\\\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974\"},\"wordCount\":385,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#organization\"},\"articleSection\":[\"Archive\",\"Security Alerts\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/security-alerts\\\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/security-alerts\\\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974\",\"url\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/security-alerts\\\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974\",\"name\":\"LACNIC CSIRT - Critical Vulnerabilities in VMware ESXi and vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#website\"},\"datePublished\":\"2021-03-10T19:42:23+00:00\",\"dateModified\":\"2021-03-10T19:51:02+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/security-alerts\\\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/security-alerts\\\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/security-alerts\\\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical Vulnerabilities in VMware ESXi and vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/\",\"name\":\"LACNIC CSIRT\",\"description\":\"Incident Response Center - LACNIC CSIRT\",\"publisher\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#organization\",\"name\":\"LACNIC CSIRT\",\"url\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/csirt.lacnic.net\\\/wp-content\\\/uploads\\\/lacnic-csirt-2020.png\",\"contentUrl\":\"https:\\\/\\\/csirt.lacnic.net\\\/wp-content\\\/uploads\\\/lacnic-csirt-2020.png\",\"width\":680,\"height\":330,\"caption\":\"LACNIC CSIRT\"},\"image\":{\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/lacnic_csirt\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/#\\\/schema\\\/person\\\/d5c65fde1dbe338128788dcc20e9f5d3\",\"name\":\"Gianni Arena\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc620878b92e4930abb5951af723f7e852088c31f8489beda9016e53725fb1f2?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc620878b92e4930abb5951af723f7e852088c31f8489beda9016e53725fb1f2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc620878b92e4930abb5951af723f7e852088c31f8489beda9016e53725fb1f2?s=96&d=mm&r=g\",\"caption\":\"Gianni Arena\"},\"url\":\"https:\\\/\\\/csirt.lacnic.net\\\/en\\\/author\\\/gianni\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LACNIC CSIRT - Critical Vulnerabilities in VMware ESXi and vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974","og_locale":"en_US","og_type":"article","og_title":"LACNIC CSIRT - Critical Vulnerabilities in VMware ESXi and vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)","og_description":"The of these vulnerabilities is identified as CVE-2021-21972 and classified as critical. It allows remote code execution on the underlying operating system when the vSphere Client (HTML5) can be accessed over the network. This vulnerability is found in a vSphere Client (HTML5) plugin installed by default on the server. To exploit this vulnerability, a malicious [&hellip;]","og_url":"https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974","og_site_name":"LACNIC CSIRT","article_published_time":"2021-03-10T19:42:23+00:00","article_modified_time":"2021-03-10T19:51:02+00:00","og_image":[{"width":680,"height":330,"url":"https:\/\/csirt.lacnic.net\/wp-content\/uploads\/lacnic-csirt-2020.png","type":"image\/png"}],"author":"Gianni Arena","twitter_card":"summary_large_image","twitter_creator":"@lacnic_csirt","twitter_site":"@lacnic_csirt","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974#article","isPartOf":{"@id":"https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974"},"author":{"name":"Gianni Arena","@id":"https:\/\/csirt.lacnic.net\/en\/#\/schema\/person\/d5c65fde1dbe338128788dcc20e9f5d3"},"headline":"Critical Vulnerabilities in VMware ESXi and vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)","datePublished":"2021-03-10T19:42:23+00:00","dateModified":"2021-03-10T19:51:02+00:00","mainEntityOfPage":{"@id":"https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974"},"wordCount":385,"commentCount":0,"publisher":{"@id":"https:\/\/csirt.lacnic.net\/en\/#organization"},"articleSection":["Archive","Security Alerts"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974#respond"]}]},{"@type":"WebPage","@id":"https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974","url":"https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974","name":"LACNIC CSIRT - Critical Vulnerabilities in VMware ESXi and vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)","isPartOf":{"@id":"https:\/\/csirt.lacnic.net\/en\/#website"},"datePublished":"2021-03-10T19:42:23+00:00","dateModified":"2021-03-10T19:51:02+00:00","breadcrumb":{"@id":"https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/csirt.lacnic.net\/en\/security-alerts\/critical-vulnerabilities-in-vmware-esxi-and-vcenter-server-cve-2021-21972-cve-2021-21973-cve-2021-21974#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/csirt.lacnic.net\/en"},{"@type":"ListItem","position":2,"name":"Critical Vulnerabilities in VMware ESXi and vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)"}]},{"@type":"WebSite","@id":"https:\/\/csirt.lacnic.net\/en\/#website","url":"https:\/\/csirt.lacnic.net\/en\/","name":"LACNIC CSIRT","description":"Incident Response Center - LACNIC CSIRT","publisher":{"@id":"https:\/\/csirt.lacnic.net\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/csirt.lacnic.net\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/csirt.lacnic.net\/en\/#organization","name":"LACNIC CSIRT","url":"https:\/\/csirt.lacnic.net\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/csirt.lacnic.net\/en\/#\/schema\/logo\/image\/","url":"https:\/\/csirt.lacnic.net\/wp-content\/uploads\/lacnic-csirt-2020.png","contentUrl":"https:\/\/csirt.lacnic.net\/wp-content\/uploads\/lacnic-csirt-2020.png","width":680,"height":330,"caption":"LACNIC CSIRT"},"image":{"@id":"https:\/\/csirt.lacnic.net\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/lacnic_csirt"]},{"@type":"Person","@id":"https:\/\/csirt.lacnic.net\/en\/#\/schema\/person\/d5c65fde1dbe338128788dcc20e9f5d3","name":"Gianni Arena","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/cc620878b92e4930abb5951af723f7e852088c31f8489beda9016e53725fb1f2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/cc620878b92e4930abb5951af723f7e852088c31f8489beda9016e53725fb1f2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cc620878b92e4930abb5951af723f7e852088c31f8489beda9016e53725fb1f2?s=96&d=mm&r=g","caption":"Gianni Arena"},"url":"https:\/\/csirt.lacnic.net\/en\/author\/gianni"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/csirt.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/3421","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/csirt.lacnic.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/csirt.lacnic.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/csirt.lacnic.net\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/csirt.lacnic.net\/en\/wp-json\/wp\/v2\/comments?post=3421"}],"version-history":[{"count":0,"href":"https:\/\/csirt.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/3421\/revisions"}],"wp:attachment":[{"href":"https:\/\/csirt.lacnic.net\/en\/wp-json\/wp\/v2\/media?parent=3421"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/csirt.lacnic.net\/en\/wp-json\/wp\/v2\/categories?post=3421"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/csirt.lacnic.net\/en\/wp-json\/wp\/v2\/tags?post=3421"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}