The second vulnerability, CVE-2021-21986, would allow an attacker to perform actions allowed by plugins without authentication. "Organisations may want to consider additional security controls and isolation between their IT infrastructure and other corporate networks as part of an effort to implement modern zero-trust security strategies." "This is not unique to VMware products, but it does inform our suggestions here." "Ransomware gangs have repeatedly demonstrated to the world that they are able to compromise corporate networks while remaining extremely patient, waiting for a new vulnerability in order to attack from inside a network," it said. "In this era of ransomware it is safest to assume that an attacker is already inside the network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible."

Even having perimeter controls may not be enough, and VMware suggested users look at better network separation. "This needs your immediate attention if you are using vCenter Server," VMware said in a blog post. Users are warned that the patches provide better plugin authentication, and some third-party plugins may break and users are directed to contact the plugin vendor. "A customer who is using vSAN should only consider disabling the plugin for short periods of time, if at all," VMware warned. "While vSAN will continue operating, manageability and monitoring are not possible while the plugin is disabled."
To fix the issue, VMware recommends users update vCenter, or if not possible, the company has provided instructions on how to disable vCenter Server plugins. "They should also take steps to implement more perimeter security controls (firewalls, ACLs, etc.) on the management interfaces of their infrastructure." "Organisations who have placed their vCenter Servers on networks that are directly accessible from the internet may not have that line of defence and should audit their systems for compromise," the company states. In its FAQ, VMware warned that since the attacker only needs to be able to hit port 443 to conduct the attack, firewall controls are the last line of defence for users.
"The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server," VMware described the issue in an advisory. These vulnerabilities were privately brought to the attention of VMware and customers are urged to patch their systems immediately. The most pressing is CVE-2021-21985, which relates to a remote code execution vulnerability in a vSAN plugin enabled by default in vCenter that an attacker could use to run whatever they wished on the underlying host machine, provided they can access port 443.

Even if users do not use vSAN, they are likely to be affected because the vSAN plugin is enabled by default. Users can patch these flaws, however, by updating the products to the most recent versions. There are workarounds that users can deploy for both CVE-2021-21972 and CVE-2021-21973 that are detailed here until a fix is deployed by the system administrator. This is not as severe as the other two bugs, having only been rated 5.3, but can also be exploited by those with access to port 443 to leak information. Cyber criminals lying dormant within the same network segment as ESXi, also with access to port 427, may trigger the issue in OpenSLP which could also result in remote code execution.

Finally, CVE-2021-21973 is a server-side request forgery (SSRF) flaw in vSphere Client which has arisen due to improper validation of URLs in a vCenter Server plugin.