CVE-2021-21994

Summary

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

Affected Software

VendorProductVersion RangeStatus
n/aVMware ESXi and VMware Cloud FoundationVMware ESXi(7.0 before ESXi70U2-17630552, 6.7 before ESXi670-202103101-SG, 6.5 before ESXi650-202107401-SG) and VMware Cloud Foundation (4.x, 3.x before 3.10.2)affected

Weaknesses

  • Authentication bypass vulnerability

ADP Enrichment

CVE Program Container

Additional References

References