1.0 Introduction
VMware has released security updates to address a critical vulnerability (CVE-2021-22005) found in the vCenter Server and Cloud Foundation. Users and administrators are encouraged to review the VMware Security Advisory VMSA-2021-0020 and apply the necessary updates and workarounds.
2.0 Impact
Exploiting this vulnerability may allow an attacker with network access to port 443 to execute code on vCenter Server by uploading a specially crafted file.
3.0 Affected System and Devices
Updates are available for the following affected products:
• VMware vCenter Server (vCenter Server) version 6.7, 7.0
• VMware Cloud Foundation (Cloud Foundation) version 3.x, 4.x
4.0 Recommendations
To mitigate CVE-2021-22005, MyCERT strongly urges critical infrastructure entities and other organizations with affected vCenter Server versions to take the following actions.
• Upgrade to a fixed version as quickly as possible. See VMware Security Advisory VMSA-2021-0020 for patching information.
• Apply the temporary workaround provided by VMware, if unable to upgrade to a fixed version immediately. See VMware’s workaround instructions for CVE-2021-22005, supplemental blog post, and frequently asked questions for additional information.
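The affected-product list in section 3.0 and the patch-first recommendation above can be turned into a quick inventory triage. The following is an added example for this advisory, not MyCERT or VMware code: it parses version strings from a constructed sample inventory, flags hosts whose release line is listed as affected (vCenter Server 6.7 and 7.0; Cloud Foundation 3.x and 4.x), and ranks hosts whose port 443 is reachable from untrusted networks first. The inventory data, host names and the `https_reachable` field are assumptions; the script does not encode the fixed build numbers, which must be read from VMSA-2021-0020 to confirm whether a flagged host is already patched.

```python
"""Triage a vCenter / Cloud Foundation inventory against the affected
release lines in VMSA-2021-0020 (CVE-2021-22005).

Added example for this advisory; not MyCERT or VMware code. The inventory
below is constructed sample data. The script only decides whether a host is
in an affected release line; whether a given build already carries the fix
must be checked against the fixed builds in VMSA-2021-0020.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Affected release lines as stated in the advisory.
AFFECTED = {
    # vCenter Server: matched on major.minor
    "vCenter Server": {"lines": {"6.7", "7.0"}},
    # Cloud Foundation: 3.x and 4.x, matched on major only
    "Cloud Foundation": {"majors": {"3", "4"}},
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


@dataclass
class Host:
    name: str
    product: str
    version: str
    https_reachable: bool  # assumption: TCP/443 reachable from untrusted networks


def is_affected(product: str, version: str) -> Optional[bool]:
    """True if the host's release line is listed as affected, False if not,
    None if the version string cannot be parsed and needs manual review."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor = m.group(1), m.group(2)
    rule = AFFECTED.get(product)
    if rule is None:
        return False
    if "lines" in rule:
        return f"{major}.{minor}" in rule["lines"]
    return major in rule["majors"]


def priority(host: Host) -> str:
    """Rank a host for patching. The advisory's impact statement (code
    execution by anyone with network access to port 443) drives the split
    between 'urgent' and 'patch'."""
    affected = is_affected(host.product, host.version)
    if affected is None:
        return "review"  # unparsable version: verify by hand
    if not affected:
        return "ok"
    return "urgent" if host.https_reachable else "patch"


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    Host("vc-prod-01", "vCenter Server", "7.0.2", True),
    Host("vc-lab-02", "vCenter Server", "6.7.0", False),
    Host("vc-old-03", "vCenter Server", "6.5.0", True),
    Host("vcf-01", "Cloud Foundation", "4.3", True),
    Host("vcf-02", "Cloud Foundation", "2.3", False),
    Host("vc-unknown", "vCenter Server", "n/a", True),
]


def triage(hosts: List[Host]) -> List[Tuple[str, str]]:
    """Return (priority, host name) pairs, most urgent first."""
    order = {"urgent": 0, "patch": 1, "review": 2, "ok": 3}
    rows = [(priority(h), h.name) for h in hosts]
    rows.sort(key=lambda r: order[r[0]])  # stable sort keeps inventory order within a tier
    return rows


if __name__ == "__main__":
    for prio, name in triage(SAMPLE_INVENTORY):
        print(f"{prio:7s} {name}")
```

Hosts reported as `urgent` or `patch` should be upgraded per VMSA-2021-0020, or have VMware's workaround applied until the upgrade can be scheduled; `review` entries need their version confirmed manually before they are treated as unaffected.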
Generally, MyCERT advises users of these products to keep up to date with the vendor's latest security announcements and to follow best-practice security policies when determining which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00-18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
- https://www.vmware.com/security/advisories/VMSA-2021-0020.html
- https://core.vmware.com/vmsa-2021-0020-questions-answers-faq#section1
- https://us-cert.cisa.gov/ncas/current-activity/2021/09/24/vmware-vcenter-server-vulnerability-cve-2021-22005-under-active
- https://www.bleepingcomputer.com/news/security/vmware-warns-of-critical-bug-in-default-vcenter-server-installs/
- https://kb.vmware.com/s/article/85717
- https://blogs.vmware.com/vsphere/2021/09/vmsa-2021-0020-what-you-need-to-know.html
- https://core.vmware.com/vmsa-2021-0020-questions-answers-faq