CVE-2021-21994

Name of the Vulnerable Software and Affected Versions VMware ESXi versions (affected versions not specified) VMware Cloud Foundation versions (affected versions not specified)

Description The issue is related to an authentication bypass vulnerability in the SFCB (Small Footprint CIM Broker) service. A malicious actor with network access to port 5989 may exploit this issue by sending a specially crafted request to bypass the authentication procedure.

Recommendations For VMware ESXi, as a temporary workaround, consider restricting access to port 5989 until a patch is available. For VMware Cloud Foundation, as a temporary workaround, consider restricting access to port 5989 until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.