Is your environment safe from this new vCenter Vulnerability
A new vulnerability announced by VMware on 25th May 2021 affecting vCenter server and vCloud Foundation.
vCenter is a tool used to manage virtualization in large data centers.
“This issue is serious IMO”
Imagine someone for example an attacker can access your environment without needing a username or password and have full rights on your environment.
A serious issue, right?
vCenter is a virtualization management software. If you have access to vCenter, you gain access to virtualization layer( ESXi) and OS layer. So it is important to give only authorized users access to vCenter servers. As per VMware, an unauthorized users can gain access to your environment due to a bug in Plug-ins especially Virtual SAN Health Check plug-in.
“VMware vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the VMware vSAN health check plug-in. A malicious actor with network access to port 443 might exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.”
“VMware vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the vSAN health check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability Client plug-ins. A malicious actor with network access to port 443 on vCenter Server might perform actions allowed by the impacted plug-ins without authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2021-21986 to this issue. For more information, see VMware Security Advisory VMSA-2021-0010. ”
As per VMware, this is a critical issue having a CVSSv3 base score of 9.8/10
Is your environment vulnerable or protected?
This issue affected for vCenter 6.5,6.7,7.0 and vCloud foundation version (3.10.2.1 and 4.2.1)
How to protect
- Update vCenter or vCloud with the latest patch or
- Apply workaround
Product | Version | Fixed Version | Workaround |
vCenter | 6.5 | 6.5 U3p Build 17994927 | KB83829 |
vCenter | 6.7 | 6.7 U3n Build 18010531 | KB83829 |
vCenter | 7.0 | 7.0 U2b Build 17958471 | KB83829 |
vCloud | 3.x | 3.10.2.1 | KB83829 |
vCloud | 4.x | 4.2.1 | KB83829 |
Link to Download the Patch
6.5
6.7
7.0
3.10.2.1
4.2.1
https://my.vmware.com/en/web/vmware/downloads/details?downloadGroup=VCF421&productId=1121&rPId=67576
Reference