VMware Vulnerabilities and Security Updates, May 2021
VMware has released security updates to address remote code execution and authentication vulnerabilities (CVE-2021-21985 and CVE-2021-21986) in VMware vCenter Server and Cloud Foundation.
Affected products and versions are as follows:
1. VMware vCenter Server
   - versions 7.0 prior to 7.0 U2b
   - versions 6.7 prior to 6.7 U3n
   - versions 6.5 prior to 6.5 U3p
2. VMware Cloud Foundation (vCenter Server)
   - versions 4.x prior to 4.2.1
   - versions 3.x prior to 126.96.36.199
A remote attacker with network access to port 443 may leverage these vulnerabilities to execute commands with unrestricted privileges on the underlying operating system. This needs the immediate attention of any administrator running vCenter Server.
The National Cyber Security Authority (NCSA) recommends that all administrators who use VMware vCenter Server:
- Immediately apply the latest security patch for the vCenter Server version currently in use; the update also brings the affected plugins to new versions and removes the vulnerability completely.
- If the patch cannot be applied right away, refer to these workarounds and use them as a guide to disable the affected plugins. This method involves editing a text file on the vCenter Server Appliance (VCSA) and restarting services. Remember to re-enable those plugins after you apply the updates.
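A quick way to act on the version list above is to compare each vCenter instance in an inventory against the fixed versions the advisory names. The following is an added example, not part of the NCSA advisory or of any VMware tooling. It assumes versions are written in the "7.0 U2b" form (release line, optional U&lt;n&gt; update, optional trailing letter) and that, within one release line, a higher update number and then a later letter mean a newer build; the hostnames and versions in the sample inventory are constructed.

```python
"""Patch-status triage for the vCenter Server versions named in this advisory.

Added example (not part of the NCSA advisory): compares a vCenter version
string such as "7.0 U2a" against the fixed versions the advisory lists.
Only the "<line> U<n><letter>" designation format is handled; the inventory
at the bottom is constructed sample data.
"""
import re
from typing import Dict, Iterable, NamedTuple, Optional, Tuple

# Fixed versions exactly as listed in the advisory, keyed by release line.
FIXED_VERSIONS = {
    "7.0": "7.0 U2b",
    "6.7": "6.7 U3n",
    "6.5": "6.5 U3p",
}

# Accepts "7.0", "7.0a", "7.0 U2", "7.0 U2b" (update number and letter optional).
_VERSION_RE = re.compile(r"^(\d+\.\d+)(?:\s*U(\d+))?([a-z])?$", re.IGNORECASE)


class VcVersion(NamedTuple):
    line: str    # release line, e.g. "7.0"
    update: int  # U<n> number, 0 for the GA release of the line
    letter: int  # trailing letter as a 1-based index (a=1, b=2, ...), 0 if none

    def rank(self) -> Tuple[int, int]:
        """Ordering key within one release line: update number first, then letter."""
        return (self.update, self.letter)


def parse_version(text: str) -> VcVersion:
    """Parse "6.7 U3n" style strings; raise ValueError on anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    line, update, letter = m.groups()
    return VcVersion(
        line,
        int(update) if update else 0,
        ord(letter.lower()) - ord("a") + 1 if letter else 0,
    )


def is_affected(text: str) -> Optional[bool]:
    """True if the version is below the advisory's fixed version for its line,
    False if at or above it, None if the line is not covered by the advisory."""
    v = parse_version(text)
    fixed = FIXED_VERSIONS.get(v.line)
    if fixed is None:
        return None
    return v.rank() < parse_version(fixed).rank()


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map each (host, version) pair to a short patch status for the team."""
    labels = {True: "PATCH NOW", False: "fixed", None: "not covered"}
    result: Dict[str, str] = {}
    for host, version in inventory:
        try:
            result[host] = labels[is_affected(version)]
        except ValueError:
            # Unparseable strings are surfaced rather than silently skipped.
            result[host] = "unparseable version"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("vcsa-prod-01", "7.0 U2a"),
    ("vcsa-prod-02", "7.0 U2b"),
    ("vcsa-lab", "6.7 U3m"),
    ("vcsa-legacy", "6.5 U3p"),
    ("vcsa-old", "6.0 U3"),
    ("vcsa-unknown", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

A release line the advisory does not list (such as 6.0 in the sample) is reported as "not covered" rather than "fixed", since the advisory says nothing about it; anything reported "PATCH NOW" should be patched, or have the workaround applied, before the check is re-run.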
For further information and support, please contact the National Cyber Security Authority (NCSA) by email at firstname.lastname@example.org or by phone on 9009.