VMware Announces vCenter Server & Cloud Foundation Vulnerabilities With 9.8 Severity Rating

by Danny Simmons
Senior Systems Engineer

VMware announced on September 21st, 2021 (Advisory ID: VMSA-2021-0020) nineteen new vulnerabilities that target vCenter Server 6.5, 6.7 and 7.0 as well as Cloud Foundation (vCenter Server) versions 3.x and 4.x.

CVE-2021-22005 is the most concerning out of the nineteen vulnerabilities as it has a severity rating of 9.8 out of 10 and is marked as critical and affects vCenter Server 6.7 and 7.0 as well as Cloud Foundation (vCenter Server) versions 3.x and 4.x

CVE-2021-22005: Outlines a file upload vulnerability in vCenter Server’s Analytics Service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

Note: This issue does not affect vCenter Server 6.5

VMware highly recommends deploying the following updates or workarounds to address this highly critical vulnerability.

Fixed Version
vCenter Server
Version 7.0
Apply Update U2c

Workaround (if patch update is not an option):
vCenter Server
Version 7.0
Apply workaround instructions: https://kb.vmware.com/s/article/85717

Fixed Version
vCenter Server
Version 6.7
Apply Update U3o

Workaround (if patch update is not an option):
vCenter Server
Version 6.7
Apply workaround instructions: https://kb.vmware.com/s/article/85717

Fixed Version
Cloud Foundation (vCenter Server)
Version 4.x
Apply Update 4.3 (https://kb.vmware.com/s/article/85718)

Workaround (if patch update is not an option):
Cloud Foundation (vCenter Server)
Version 4.x
Apply workaround instructions: https://kb.vmware.com/s/article/85717

Fixed Version
Cloud Foundation (vCenter Server)
Version 3.x
Apply Update 3.10.2.2 (https://kb.vmware.com/s/article/85719)

Workaround (if patch update is not an option):
Cloud Foundation (vCenter Server)
Version 3.x
Apply workaround instructions: https://kb.vmware.com/s/article/85717

Due to the severity of the outlined vulnerabilities, Helient Systems recommends patching and or implementing the recommended VMWare product workarounds at the earliest opportunity.

Helient Systems will be contacting our Managed Services customers to plan and schedule remediation against these vulnerabilities.

If you would like assistance planning and remediating these vulnerabilities in your environment, please contact our experts at service@helient.com.