Security researchers discover VMware bug that could allow remote command execution
Positive Technologies expert Egor Dimitrenko discovered a high-severity vulnerability in VMware vSphere Replication, a data replication tool. It allows organizations to create backups of virtual machines and run them if the main virtual machine reports a failure. The bug could have allowed attackers with access to the VMware vSphere Replication administration web interface to execute arbitrary code on the server with maximum privileges and then move laterally across the network to seize control of the corporate infrastructure.
VMware has fixed the vulnerability, which could have allowed remote command execution on the server. The security flaw is tracked as CVE-2021-21976 and has a CVSS v3 score of 7.2.