The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system as the "root" user.
The vendor's disclosure for this vulnerability can be found here.
This vulnerability requires:
- Valid credentials for user with "admin" role
More details and the exploitation process can be found in this PDF.