What is it and how to apply the fix for vulnerability VMSA-2021-0012
On 05/25/2021, a critical vulnerability, rated 9.8, was discovered by Ricter Z of 360 Noah Lab in the vCenter product from the manufacturer VMware. The vSphere Client (HTML5) contains a remote code execution vulnerability due to a lack of input validation in the Virtual SAN Health Check plugin, which is enabled by default in vCenter Server. VMware has assessed the severity of this issue as being in the critical severity range with a maximum CVSSv3 base score of 9.8.
CVEs registered on the MITRE CVE website: CVE-2021-21985, CVE-2021-21986
Affected Products:
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
There are 2 ways to apply the fix, both described below. First, however, I will list some points of attention to consider before applying either procedure.
Prerequisites
1 – Make sure the passwords for the VCSA (vCenter Server Appliance) root account and [email protected] are stored correctly and that the accounts are not locked. By default, the root account of VCSA locks up after 90 days, which can be an unwanted surprise if you need it in an emergency. Before applying the patch, we suggest verifying that these accounts work correctly and recovering the passwords if necessary, which usually requires a restart of vCenter Server.
2 – Make sure there is a DNS Type A (forward) record and a PTR (reverse) record configured correctly for the vCenter Server. You may think “these are basic and were set up a long time ago”, but it only takes a second to check and sometimes you learn interesting things. PTR records are required for vCenter Server; if they do not exist, create them now.
3 – Make sure the vCenter Server backup is configured and running successfully in the scheduled routine. If necessary, perform a backup before the procedure, which takes an average of 15 to 20 minutes in my case.
You can configure this through the Virtual Appliance Management Interface (VAMI) on port 5480 / tcp on VCSA (vCenter Appliance Server).
Ex: https://your_vcenter_address:5480
4 – Take a snapshot of VCSA (vCenter Server Appliance) before the upgrade.
Note: Snapshots have performance impacts, so be sure to delete them right after verifying the update.
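One way to run the DNS check from prerequisite 2 before patching, as an added example that is not part of the original article or any VMware tooling: it confirms that each A record for the vCenter FQDN has a PTR record pointing back to the same name. The host names, addresses and helper names below are constructed placeholders; pass your own FQDN to check_dns() to use the system resolver.

```python
import socket

def _norm(name):
    """Lower-case a DNS name and drop the trailing dot so comparisons are stable."""
    return name.rstrip(".").lower()

def system_forward(fqdn):
    """A-record lookup through the system resolver (IPv4 only)."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def system_reverse(ip):
    """PTR lookup through the system resolver; returns [] when no PTR exists."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [host, *aliases]

def check_dns(fqdn, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means A and PTR records agree."""
    problems = []
    try:
        ips = forward(fqdn)
    except OSError as exc:  # resolver failure, e.g. NXDOMAIN
        return [f"no A record for {fqdn}: {exc}"]
    if not ips:
        return [f"no A record for {fqdn}"]
    for ip in ips:
        names = [_norm(n) for n in reverse(ip)]
        if not names:
            problems.append(f"{ip} has no PTR record")
        elif _norm(fqdn) not in names:
            problems.append(f"PTR for {ip} points to {', '.join(names)}, not {fqdn}")
    return problems

# Constructed sample zone data (not from a real environment) for an offline run.
SAMPLE_A = {"vcsa01.lab.example": ["192.0.2.10"], "vcsa02.lab.example": ["192.0.2.20"],
            "vcsa03.lab.example": ["192.0.2.30"]}
SAMPLE_PTR = {"192.0.2.10": ["VCSA01.lab.example."], "192.0.2.30": ["old-vc.lab.example"]}

def sample_forward(fqdn):
    return SAMPLE_A.get(fqdn, [])

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

if __name__ == "__main__":
    for host in SAMPLE_A:
        result = check_dns(host, sample_forward, sample_reverse)
        print(host, "OK" if not result else result)
```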
Technical Procedure
To carry out the remediation procedure, follow the instructions below:
Workaround (palliative) procedure: https://kb.vmware.com/s/article/83829
Note: This workaround consists of disabling all vCenter plugins. If you choose this path, be aware that the information the plugins show will no longer be available.
To perform the update procedure, follow the instructions below that apply to your scenario.
Attention: Always validate the compatibility matrix.
Procedures to update and build vCenter 18010531
Apply Update for Appliance 7.0
Apply Update for Appliance 6.7
Apply Update for Appliance 6.5
Apply Update for vCenter 6.X on Windows
Credits for technical procedures: ferozrah
Source / References
Farewell and thanks.
Hope this helps.
Hugs