Vulnerabilities and Exposures for VMware ESXi and VMware vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)
Thank you for using Enterprise Cloud (ECL) service.
Please be informed of the response method and workaround of vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974) which were found in VMware ESXi and VMware vCenter Server provided by VMware in the Hypervisor menu for ECL2.0.
Official Image Template
Please upgrade to the modified version or perform a workaround.
How to deal with CVE-2021-21974
Please apply the patch to vSphere ESXi. The patch for each version is on following site. * VMware account is required.
vSphere ESXi 6.7
vSphere ESXi 6.5
Please stop the openslp service of vSphere ESXi. Please refer to the following URL for details.
How to Disable/Enable CIM Server on VMware ESXi (76372).
How to deal with CVE-2021-21972,CVE-2021-21973
Please upgrade the modified version and download the image of each version from the following site. * VMware account is required.
vCenter Server 6.7
vCenter Server 6.5
After SSH login to vCenter Server, please edit the configuration file to disable the vulnerable plugin. Please refer to the following URL for details.
VMware vCenter Server Workaround Instructions for CVE-2021-21972 and CVE-2021-21973 (82374).