News

Vulnerabilities and Exposures for VMware ESXi and VMware vCenter Server (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)


Thank you for using Enterprise Cloud (ECL) service.

Please be informed of the response method and workaround of vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974) which were found in VMware ESXi and VMware vCenter Server provided by VMware in the Hypervisor menu for ECL2.0.

Vulnerability information

https://www.vmware.com/security/advisories/VMSA-2021-0002.html

Affected Menu

CVE

Affected Menu

CVE-2021-21974

Official Image Template

  • ESXi-6.5.u1_64_BYOL_baremetal-server_01

  • ESXi-6.7.u3_64_BYOL_baremetal-server_01

  • vSphere_ESXi-6.5.u1_64_dedicated-hypervisor_01

  • vSphere_ESXi-6.7.u3_64_dedicated-hypervisor_01

CVE-2021-21972,CVE-2021-21973

Guest Image

  • vCenter-Server_6.5_u1e_Standard_not-include-lisence_vSphere-ESXi_001

  • vCenter-Server-Appliance_6.7_u3b_Standard_not-include-license_vSphere-ESXi_001

Countermeasure

Please upgrade to the modified version or perform a workaround.

How to deal with CVE-2021-21974

Solution

  • Please apply the patch to vSphere ESXi. The patch for each version is on following site. * VMware account is required.

Workaround

How to deal with CVE-2021-21972,CVE-2021-21973

Solution

  • Please upgrade the modified version and download the image of each version from the following site. * VMware account is required.

Workaround

 

Thank you.