
VMware Vulnerabilities and Security Updates, May 2021

Description

VMware has released security updates to address two vulnerabilities in VMware vCenter Server and VMware Cloud Foundation: a remote code execution vulnerability in the vSphere Client's Virtual SAN Health Check plug-in (CVE-2021-21985, CVSSv3 base score 9.8) and an authentication mechanism weakness in several vSphere Client plug-ins (CVE-2021-21986, CVSSv3 base score 6.5).

Affected products and versions are as follows:

  1. VMware vCenter Server
  • versions 7.0 prior to 7.0 U2b
  • versions 6.7 prior to 6.7 U3n
  • versions 6.5 prior to 6.5 U3p

  2. VMware Cloud Foundation (vCenter Server)
  • versions 4.x prior to 4.2.1
  • versions 3.x prior to 3.10.2.1

Security Risks
An unauthenticated remote attacker with network access to port 443 of vCenter Server may exploit these vulnerabilities to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. The vulnerable Virtual SAN Health Check plug-in is enabled by default whether or not vSAN is in use, so every unpatched vCenter Server deployment is exposed, including those that do not use vSAN. This needs administrators' immediate attention if they are using vCenter Server; as a general hardening measure, the vCenter Server management interface should not be reachable from the internet or from untrusted networks.
Recommendation
The National Cyber Security Authority (NCSA) recommends that all administrators who use VMware vCenter Server:

  • Apply the patched release for the vCenter Server branch in use (7.0 U2b, 6.7 U3n or 6.5 U3p, or the corresponding Cloud Foundation release) as soon as possible. The update replaces the affected plug-ins and removes the vulnerability completely, whereas the workaround below only disables them.
  • If the patch cannot be applied right away, follow VMware's published workaround (KB 83829, linked from the advisory) to disable the affected plug-ins. It involves marking the plug-ins as incompatible in a text file on the vCenter Server Appliance (VCSA) and restarting the vsphere-ui service. This is an interim measure only: the disabled plug-ins lose their functionality in the vSphere Client (for example vSAN management) until the patch is applied. Remember to re-enable those plug-ins after you apply the updates.
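The workaround described above, written out as a script that can be run from the VCSA appliance shell. This is an added example, not the advisory's or VMware's own tooling. The file path, the plug-in package IDs and the service-control commands follow VMware KB 83829 (the workaround referenced by VMSA-2021-0010); the ID list is the one the KB gives for vCenter Server 7.0, so check the KB for the 6.5 and 6.7 lists before use. The MATRIX and SERVICE_CONTROL overrides and the write_sample_matrix function are assumptions added so the logic can be exercised outside an appliance; the sample matrix it writes is a constructed skeleton, not the stock file.

```shell
#!/bin/sh
# Added example (not VMware tooling): apply, check and revert the
# VMSA-2021-0010 plug-in workaround from VMware KB 83829 on a VCSA.
# Usage, as root on the appliance shell:
#   sh vmsa_2021_0010_workaround.sh apply    # disable plug-ins, restart UI
#   sh vmsa_2021_0010_workaround.sh check    # verify entries are present
#   sh vmsa_2021_0010_workaround.sh revert   # restore backup after patching
set -eu

# Defaults are the real VCSA path and command from KB 83829. Both can be
# overridden (assumption for dry runs on any Linux host; not a VMware option).
MATRIX="${MATRIX:-/etc/vmware/vsphere-ui/compatibility-matrix.xml}"
SERVICE_CONTROL="${SERVICE_CONTROL:-service-control}"

# Plug-in package IDs as listed in KB 83829 for vCenter Server 7.0
# (com.vmware.vsphere.client.h5vsan is the Virtual SAN Health Check plug-in).
PLUGINS="com.vmware.vrops.install com.vmware.vsphere.client.h5vsan com.vmware.vrUi com.vmware.vum.client com.vmware.h4.vsphere.client"

# Constructed sample of the matrix layout, for dry runs only: a Matrix element
# with an empty pluginsCompatibility section. Not the stock appliance file.
write_sample_matrix() {
    cat > "$1" <<'EOF'
<Matrix>
   <pluginsCompatibility>
      <!-- constructed sample: no plug-ins marked incompatible -->
   </pluginsCompatibility>
</Matrix>
EOF
}

# Returns 0 only if every affected plug-in is marked incompatible in the file.
plugins_disabled() {
    for id in $PLUGINS; do
        grep -q "<PluginPackage id=\"$id\" status=\"incompatible\"/>" "$1" || return 1
    done
}

# Insert one PluginPackage entry per affected plug-in immediately before
# </pluginsCompatibility>, keeping a .backup copy for the revert step.
# Idempotent: a file that already carries the entries is left untouched.
disable_plugins() {
    matrix="$1"
    if plugins_disabled "$matrix"; then
        echo "workaround already in place: $matrix" >&2
        return 0
    fi
    grep -q '</pluginsCompatibility>' "$matrix" || {
        echo "unexpected matrix layout, not editing: $matrix" >&2
        return 1
    }
    cp "$matrix" "$matrix.backup"
    awk -v plugins="$PLUGINS" '
        /<\/pluginsCompatibility>/ {
            n = split(plugins, p, " ")
            for (i = 1; i <= n; i++)
                printf "      <PluginPackage id=\"%s\" status=\"incompatible\"/>\n", p[i]
        }
        { print }' "$matrix" > "$matrix.tmp"
    mv "$matrix.tmp" "$matrix"
}

# Restore the pre-workaround file; this re-enables the plug-ins after patching.
revert_plugins() {
    [ -f "$1.backup" ] || { echo "no backup found for $1" >&2; return 1; }
    mv "$1.backup" "$1"
}

# The vSphere Client service must be restarted for the matrix change to apply.
restart_ui() {
    "$SERVICE_CONTROL" --stop vsphere-ui
    "$SERVICE_CONTROL" --start vsphere-ui
}

case "${1:-}" in
    apply)  disable_plugins "$MATRIX" && restart_ui ;;
    revert) revert_plugins "$MATRIX" && restart_ui ;;
    check)  plugins_disabled "$MATRIX" && echo "affected plug-ins are disabled" \
                || { echo "affected plug-ins are NOT disabled" >&2; exit 1; } ;;
    *)      ;;   # no verb: only define the functions (for sourcing or dry runs)
esac
```

After `apply`, confirm in the vSphere Client under Administration > Solutions > Client Plug-Ins that the listed plug-ins show as incompatible; after patching, run `revert` so the plug-ins are re-enabled.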

For further information and support, please contact the National Cyber Security Authority (NCSA) by email at rwcsirt@ncsa.gov.rw or call us on 9009.

Reference
VMware, VMSA-2021-0010: https://www.vmware.com/security/advisories/VMSA-2021-0010.html
VMware, VMSA-2021-0010 FAQ: https://core.vmware.com/resource/vmsa-2021-0010-faq