News
Vulnerabilities and Exposures for VMware ESXi and VMware vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)
Thank you for using Enterprise Cloud (ECL) service.
This notice describes the fix and the workaround for the vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974) found in VMware ESXi and VMware vCenter Server, which are provided by VMware in the Hypervisor menu of ECL2.0.
Vulnerability information
https://www.vmware.com/security/advisories/VMSA-2021-0002.html
Affected Menu
CVE | Affected Menu |
---|---|
CVE-2021-21974 | Official Image Template |
CVE-2021-21972, CVE-2021-21973 | Guest Image |
Countermeasure
Please upgrade to the fixed version or apply a workaround.
How to deal with CVE-2021-21974
Solution
Please apply the patch to vSphere ESXi. The patch for each version is available at the following site. * A VMware account is required.
Minor Version | Patch | URL |
---|---|---|
vSphere ESXi 6.7 | ESXi670-202102401-SG | https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202102001.html |
vSphere ESXi 6.5 | ESXi650-202102101-SG | https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202102001.html |
Workaround
Please stop the openslp service on vSphere ESXi. Please refer to the following URL for details.
How to Disable/Enable CIM Server on VMware ESXi (76372).
How to deal with CVE-2021-21972, CVE-2021-21973
Solution
Please upgrade to the fixed version. The image for each version can be downloaded from the following site. * A VMware account is required.
Minor Version | Build Number | URL |
---|---|---|
vCenter Server 6.7 | 17138064 | https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202102001.html |
vCenter Server 6.5 | 17590285 | https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202102001.html |
Workaround
After logging in to vCenter Server over SSH, please edit the configuration file to disable the vulnerable plugin. Please refer to the following URL for details.
VMware vCenter Server Workaround Instructions for CVE-2021-21972 and CVE-2021-21973 (82374).
Thank you.