Critical Vulnerability in VMware vCenter (VMSA-2021-0010)

What it is and how to apply the patch for the VMware vCenter Server critical vulnerability VMSA-2021-0010

On 25 May 2021 VMware published advisory VMSA-2021-0010 for a critical vulnerability in vCenter Server, reported by Ricter Z of 360 Noah Lab. The vSphere Client (HTML5) contains a remote code execution vulnerability (CVE-2021-21985) caused by a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server whether or not vSAN is in use. VMware assessed the severity as critical, with a maximum CVSSv3 base score of 9.8: an attacker with network access to port 443 of vCenter Server can execute commands with unrestricted privileges on the underlying operating system.

CVEs registered with MITRE: CVE-2021-21985 (the remote code execution in the vSAN Health Check plug-in, CVSSv3 9.8) and CVE-2021-21986 (an authentication mechanism issue in several vSphere Client plug-ins, including vSAN Health Check, CVSSv3 6.5, covered by the same advisory).


Affected Products:

  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Foundation (Cloud Foundation)

There are two ways to address the vulnerability, both described below: a temporary workaround that disables the affected plug-ins, and the definitive fix, which is updating vCenter Server to a patched build. First, some points of attention to consider before applying either procedure.

Prerequisites

1 – Make sure the passwords of the VCSA (vCenter Server Appliance) root account and of the vCenter SSO administrator account (administrator@vsphere.local in a default deployment) are stored correctly and that the accounts are not locked or expired. By default the VCSA root password expires after 90 days, which can be an unwanted surprise if you need it in an emergency. Before applying the patch, verify that both accounts work and recover the passwords if necessary; recovering the root password requires a restart of vCenter Server.

2 – Make sure there are correct DNS A (forward) and PTR (reverse) records for the vCenter Server FQDN. You may think "these are basic and were set up a long time ago", but it only takes a second to check and sometimes you learn interesting things. vCenter Server requires the PTR record; if it does not exist, create it now.

3 – Make sure the vCenter Server backup is configured and completing successfully on its schedule. If necessary, run a backup before the procedure; in my case it takes 15 to 20 minutes on average.

You can configure this through the Virtual Appliance Management Interface (VAMI) on port 5480/tcp of the VCSA (vCenter Server Appliance).

Ex: https://your_vcenter_address:5480

4 – Take a snapshot of the VCSA (vCenter Server Appliance) before the update.

Note: Snapshots have a performance impact, so delete the snapshot as soon as you have validated the update.

Technical Procedure

To carry out the remediation procedure, follow the instructions below:

Workaround (temporary mitigation): https://kb.vmware.com/s/article/83829

Note: This workaround consists of marking the affected vSphere Client plug-ins (the vSAN Health Check plug-in among them) as incompatible so that the vsphere-ui service no longer loads them. If you choose this path, be aware that the information those plug-ins display will no longer be available in the vSphere Client, and that it does not replace the patch: the update still has to be applied.
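As an added example that is not part of the original article or of VMware's KB, the following shell script checks whether the KB 83829 workaround is actually in place on an appliance by inspecting /etc/vmware/vsphere-ui/compatibility-matrix.xml (the file the KB has you edit) for the affected plug-in IDs marked status="incompatible". The two IDs used in the demo, com.vmware.vsphere.client.h5vsan (vSAN Health Check) and com.vmware.vum.client (vSphere Lifecycle Manager), are as I read them in the KB; confirm them and take the complete list from the KB for your version before relying on the result. The sample XML is constructed for the demo and is not a real appliance file.

```shell
#!/usr/bin/env bash
# Added example, not VMware's code: verify that the KB 83829 workaround is in place.
# The KB has you mark the affected vSphere Client plug-ins as "incompatible" in
# compatibility-matrix.xml and then restart the vsphere-ui service; this script
# checks the file so you are not relying on memory of having edited it.

# Default file location on the appliance (override with MATRIX_FILE=... if needed).
MATRIX_FILE="${MATRIX_FILE:-/etc/vmware/vsphere-ui/compatibility-matrix.xml}"

# plugin_disabled FILE PLUGIN_ID -> 0 if the plug-in is marked status="incompatible".
# Accepts either attribute order and any whitespace inside the element.
plugin_disabled() {
    local file="$1" id="$2"
    grep -Eq "<PluginPackage[^>]*id=\"${id}\"[^>]*status=\"incompatible\"|<PluginPackage[^>]*status=\"incompatible\"[^>]*id=\"${id}\"" "$file"
}

# workaround_status FILE ID... -> prints one line per plug-in; returns 0 only when
# every listed plug-in is disabled, 1 if any is still active, 2 if FILE is unreadable.
workaround_status() {
    local file="$1" id active=0
    shift
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    for id in "$@"; do
        if plugin_disabled "$file" "$id"; then
            echo "disabled  $id"
        else
            echo "ACTIVE    $id"
            active=$((active + 1))
        fi
    done
    [ "$active" -eq 0 ]
}

# Constructed sample matrix (not from a real appliance): only the vSAN plug-in has
# been marked incompatible, so the workaround is incomplete.
sample_matrix() {
    local tmp
    tmp="$(mktemp)"
    cat > "$tmp" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<Matrix>
   <pluginsCompatibility>
      <PluginPackage id="com.vmware.vsphere.client.h5vsan" status="incompatible"/>
   </pluginsCompatibility>
</Matrix>
EOF
    echo "$tmp"
}

# Plug-in IDs as I read them in KB 83829 (vSAN Health Check, vSphere Lifecycle
# Manager); confirm and complete the list from the KB for your version.
AFFECTED_PLUGINS="com.vmware.vsphere.client.h5vsan com.vmware.vum.client"

SAMPLE="$(sample_matrix)"
# The ID list is deliberately unquoted so it splits into one argument per plug-in.
workaround_status "$SAMPLE" $AFFECTED_PLUGINS \
    || echo "workaround incomplete: mark every affected plug-in, then run: service-control --restart vsphere-ui"
rm -f "$SAMPLE"
# On a real appliance, as root:  workaround_status "$MATRIX_FILE" $AFFECTED_PLUGINS
```

The check is deliberately read-only: it tells you whether the edit from the KB has been made and for which plug-ins, but the edit itself and the `service-control --restart vsphere-ui` that activates it are still done by hand following the KB.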

To perform the update, follow the instructions below that apply to your scenario.

Attention: Always validate the VMware product interoperability (compatibility) matrix before updating, so that the new vCenter Server build is supported with your ESXi hosts and the other VMware products in the environment.

Procedures to update vCenter Server to the fixed build (build 18010531 for the 7.0 line; the 6.5 and 6.7 fixed builds are listed in the advisory)

Apply Update for Appliance 7.0

Apply Update for Appliance 6.7

Apply Update for Appliance 6.5

Apply Update for vCenter 6.X on Windows
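Once the update has been applied, you still need to confirm which build the appliance is actually running; the appliance reports it with `vpxd -v` (for example "VMware VirtualCenter 7.0.2 build-18010531"). The script below is an added example, not from the article or from VMware: it parses that line and compares the build against the fixed build for the release line, 18010531 for 7.0 as stated above. The fixed builds for 6.5 and 6.7 are different and must be taken from VMSA-2021-0010; the build numbers in the constructed sample lines are illustrative only.

```shell
#!/usr/bin/env bash
# Added example (not VMware's): decide from `vpxd -v` output whether a vCenter
# Server Appliance is on or past the fixed build for its release line.
# Fixed build for the 7.0 line per the advisory: 18010531 (7.0 U2b).
# 6.5 and 6.7 have their own fixed builds; take them from VMSA-2021-0010.

# Extract "<major>.<minor>[.<patch>]" from a vpxd -v line such as
#   VMware VirtualCenter 7.0.2 build-18010531
vc_version() {
    printf '%s\n' "$1" | sed -nE 's/.*VirtualCenter ([0-9]+\.[0-9]+(\.[0-9]+)?).*/\1/p'
}

# Extract the numeric build id from the same line.
vc_build() {
    printf '%s\n' "$1" | sed -nE 's/.*build-([0-9]+).*/\1/p'
}

# vcenter_patched "<vpxd -v output>" "<release line, e.g. 7.0>" "<fixed build>"
#   0 = at or after the fixed build, 1 = still on a vulnerable build,
#   2 = different release line or unparseable input. Build ids are only
#   comparable within one release line, hence the explicit line argument.
vcenter_patched() {
    local line="$1" want="$2" fixed="$3" ver build
    ver="$(vc_version "$line")"
    build="$(vc_build "$line")"
    [ -n "$ver" ] && [ -n "$build" ] || return 2
    case "$ver" in
        "$want".*|"$want") ;;
        *) return 2 ;;
    esac
    [ "$build" -ge "$fixed" ]
}

# On the appliance shell:  vcenter_patched "$(vpxd -v)" 7.0 18010531
# Constructed sample lines (not captured from a real system; builds illustrative):
for sample in "VMware VirtualCenter 7.0.2 build-17694817" \
              "VMware VirtualCenter 7.0.2 build-18010531" \
              "VMware VirtualCenter 6.7.0 build-17138064"; do
    rc=0
    vcenter_patched "$sample" 7.0 18010531 || rc=$?
    case $rc in
        0) echo "patched    : $sample" ;;
        1) echo "VULNERABLE : $sample" ;;
        *) echo "other line : $sample (compare against that line's own fixed build)" ;;
    esac
done
```

The same function serves the 6.x lines once you pass their release line and fixed build from the advisory; what it refuses to do is compare a 6.7 build number against the 7.0 fixed build, because a higher number on a different line says nothing about whether CVE-2021-21985 is fixed there.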

Credits for technical procedures: ferozrah

Source / References

Ar7 Technology

Official announcement

VMware Blog

VMware Forum

Ciso Advisor

Farewell and thanks.

Hope this helps.


Hugs


Arthur Nycael
Technology enthusiast, graduated in Computer Networks and Postgraduate in Information Security. With experience in critical environments and high availability 24x7x365, acting directly in the disciplines of virtualization, storage, backup, Windows and Linux servers, antivirus and Google suite. I have been producing content since 2016, but now I am dedicated to bringing it more structured and in a very didactic, simple and objective way here on the portal and on the private blog ar7technology.com.br