If successfully exploited, CVE-2021-21972 would allow an adversary with access to port 443 to remotely execute commands with unrestricted privileges on the underlying operating system hosting VMware vCenter Server. VMware evaluates the severity of this issue to be Critical in their severity range. Proof-of-concept code to exploit the vulnerability has been published online.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) strongly encourages users and administrators to review the VMware advisory for CVE-2021-21972 (VMSA-2021-0002) and update their systems promptly. The ASD’s ACSC recommends that enterprises restrict the exposure of management interfaces, both internally and externally to their enterprise.
Further information about CVE-2021-21972 is available on VMware’s website.