CVE-2021-21994

CVSS V2 Medium 6.8 CVSS V3 Critical 9.8

Description

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

Overview

CVE ID
CVE-2021-21994

Assigner
security@vmware.com

Vulnerability Status
Analyzed

Published Version
2021-07-13T19:15:09

Last Modified Date
2022-06-02T19:18:41

Weakness Enumerations

CWE	URL
CWE-287	http://cwe.mitre.org/data/definitions/287.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:o:vmware:cloud_foundation::::::::	1	OR	3.0	3.10.2
cpe:2.3:o:vmware:cloud_foundation::::::::	1	OR	4.0	4.3
cpe:2.3:o:vmware:esxi:6.5:-::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201701001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201703001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201703002::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201704001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707102::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707103::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707201::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707202::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707203::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707204::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707205::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707206::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707207::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707208::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707209::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707210::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707211::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707212::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707213::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707214::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707215::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707216::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707217::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707218::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707219::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707220::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201707221::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201710001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201712001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201803001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201806001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201808001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201810001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201810002::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201811001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201811002::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201811301::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201901001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201903001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201905001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201908001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201910001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-20191004001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201911001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201911401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201911402::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201912001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201912002::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201912101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201912102::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201912103::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201912104::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201912301::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201912401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201912402::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201912403::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-201912404::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-202005001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-202006001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-202007001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-202010001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-202011001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-202011002::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-202102001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-202102002::::::	1	OR
cpe:2.3:o:vmware:esxi:6.5:650-202102003::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:-::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201806001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201807001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201808001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810102::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810103::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810201::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810202::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810203::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810204::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810205::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810206::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810207::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810208::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810209::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810210::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810211::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810212::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810213::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810214::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810215::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810216::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810217::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810218::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810219::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810220::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810221::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810222::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810223::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810224::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810225::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810226::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810227::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810228::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810229::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810230::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810231::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810232::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810233::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201810234::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201811001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201901001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201901401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201901402::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201901403::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201903001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904201::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904201-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904202::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904202-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904203::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904203-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904204::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904204-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904205::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904205-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904206::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904206-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904207::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904207-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904208::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904208-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904209::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904209-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904210::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904210-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904211::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904211-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904212::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904212-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904213::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904213-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904214::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904214-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904215::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904215-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904216::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904216-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904217::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904217-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904218::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904218-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904219::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904219-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904220::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904220-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904221::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904221-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904222::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904222-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904223::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904223-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904224::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904224-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904225::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904225-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904226::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904226-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904227::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904227-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904228::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904228-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904229::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201904229-ug::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201905001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201906002::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908102::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908103::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908104::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908201::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908202::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908203::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908204::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908205::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908206::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908207::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908208::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908209::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908210::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908211::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908212::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908213::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908214::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908215::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908216::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908217::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908218::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908219::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908220::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201908221::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201911001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201912001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201912101::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201912102::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201912401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201912402::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201912403::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201912404::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-201912405::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202004001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202004002::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202004301::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202004401::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202004402::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202004403::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202004404::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202004405::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202004406::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202004407::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202004408::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202006001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202008001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202010001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202011001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202011002::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202102001::::::	1	OR
cpe:2.3:o:vmware:esxi:6.7:670-202103001::::::	1	OR
cpe:2.3:o:vmware:esxi:7.0:-::::::	1	OR
cpe:2.3:o:vmware:esxi:7.0:beta::::::	1	OR
cpe:2.3:o:vmware:esxi:7.0:update_1::::::	1	OR
cpe:2.3:o:vmware:esxi:7.0:update_1a::::::	1	OR
cpe:2.3:o:vmware:esxi:7.0:update_1b::::::	1	OR
cpe:2.3:o:vmware:esxi:7.0:update_1c::::::	1	OR
cpe:2.3:o:vmware:esxi:7.0:update_1d::::::	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector
NETWORK

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
PARTIAL

Base Score
6.8

Severity
MEDIUM

Exploitability Score
8.6

Impact Score
6.4

CVSS Version 3

Version
3.1

Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector
NETWORK

Attack Compatibility
LOW

Privileges Required
NONE

User Interaction
NONE

Scope
UNCHANGED

Confidentiality Impact
HIGH

Availability Impact
HIGH

Base Score
9.8

Base Severity
CRITICAL

Exploitability Score
3.9

Impact Score
5.9

References

Reference URL	Reference Tags
https://www.vmware.com/security/advisories/VMSA-2021-0014.html	Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2021-21994
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21994

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 07:06:42				Added to TrackCVE
2022-12-05 06:01:06	2021-07-13T19:15Z	2021-07-13T19:15:09	CVE Published Date	updated
2022-12-05 06:01:06		2022-06-02T19:18:41	CVE Modified Date	updated
2022-12-05 06:01:06		Analyzed	Vulnerability Status	updated