VMware has patched authentication and denial of service vulnerabilities (CVE-2021-21994, CVE-2021-21995) that impact VMware ESXi and Cloud Foundation products.
An attacker could exploit this vulnerability and take control of an unpatched system.
CVE-2021-21994
For the first issue, SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability, CVE-2021-21994.
“A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request,” VMware stated in the advisory.
The vulnerability has a CVSSv3 base score of 7.0 and is High severity.
CVE-2021-21995
For the second issue, OpenSLP as used in ESXi has a denial-of-service vulnerability due to a heap out-of-bounds read issue (CVE-2021-21995).
“A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition,” VMware noted in the advisory.
The vulnerability has a CVSSv3 base score of 5.3 and is rated Moderate severity.
VMware has provided patches and workarounds to address these vulnerabilities in impacted VMware products.