The vulnerability, tracked as CVE-2021-21985, impacts vCenter Server platforms, which is in widespread use and used to administer VMware s market leading vSphere and ESXi host products. The company said the flaw could allow a remote attacker to exploit its products and take control of a company’s affected system. The vulnerability would allow an attacker to execute arbitrary commands on the underlying vCenter host. All an attacker would need to do is be able to access vCenter server over port 443, she wrote.
Source: https://threatpost.com/vmware-ransomware-alarm-critical-bug/166501/