VMware Security Advisory VMSA-2021-0014, CVSSv3 range 5.3-7.0, severity Important

VMware has released a new security advisory, VMSA-2021-0014. It affects VMware ESXi (and Cloud Foundation, which bundles ESXi); the updates address an authentication bypass and a denial-of-service vulnerability (CVE-2021-21994 and CVE-2021-21995).

Impacted Products
  • VMware ESXi
  • VMware Cloud Foundation (Cloud Foundation)
Introduction

Multiple vulnerabilities in VMware ESXi were privately reported to VMware. Updates and workarounds are available to remediate these vulnerabilities in affected VMware products.

ESXi SFCB improper authentication vulnerability (CVE-2021-21994)

Description

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.0.

Known Attack Vectors

A malicious actor with network access to TCP port 5989 on ESXi (the CIM server's HTTPS listener) may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

Workarounds

A workaround is documented in VMware KB 1025757, "How to disable or enable the SFCB service (CIM Server) on the ESX/ESXi host" (vmware.com): disable the SFCB (CIM) service on hosts that do not rely on it for hardware health monitoring.

Resolution

For ESXi 7.0, apply fixed version ESXi70U2-17630552. Download links and documentation are listed under References below.

For ESXi 6.7, apply fixed version ESXi670-202103101-SG. Download links and documentation are listed under References below.

For ESXi 6.5, apply fixed version ESXi650-202107401-SG. Download links and documentation are listed under References below.

For Cloud Foundation (ESXi) 4.x, a patch is pending release.

For Cloud Foundation (ESXi) 3.x, apply fixed version 3.10.2. Download links and documentation are listed under References below.

ESXi OpenSLP denial-of-service vulnerability (CVE-2021-21995)

Description

OpenSLP as used in ESXi has a denial-of-service vulnerability due to a heap out-of-bounds read. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

Known Attack Vectors

A malicious actor with network access to port 427 (TCP or UDP) on ESXi may be able to trigger a heap out-of-bounds read in the OpenSLP service (slpd), resulting in a denial-of-service condition.

Workarounds

A workaround is documented in VMware KB 76372, "How to Disable/Enable the SLP Service on VMware ESXi": stop slpd, keep it disabled across reboots, and close the CIMSLP firewall ruleset.
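The two workarounds (KB 1025757 for SFCB, KB 76372 for SLP) as one script, added here as an example and not taken from VMware's KBs or the advisory. It is written for the ESXi shell (BusyBox ash), so the `esxcli`, `chkconfig` and `/etc/init.d/slpd` invocations are the real ESXi commands; the sample `esxcli network firewall ruleset list` and `chkconfig --list` output is constructed for the example, and the function names (`lookup_state`, `exposure_report`, `apply_workarounds`) are this script's own. The check treats a service as exposed if either its firewall ruleset is open or the daemon is still enabled, so a host that only had its ruleset closed is still flagged.

```shell
#!/bin/sh
# Added example (not VMware's code): check and apply the VMSA-2021-0014
# workarounds. Intended for the ESXi shell (BusyBox ash); the parsing helpers
# are plain POSIX sh + awk so saved output from a host can be checked anywhere.

# Constructed sample of `esxcli network firewall ruleset list` from a host
# where neither workaround has been applied (sample data for this example).
SAMPLE_RULESETS='Name                  Enabled
--------------------  -------
sshServer                true
CIMHttpServer            true
CIMHttpsServer           true
CIMSLP                   true
vSphereClient            true'

# Constructed sample of `chkconfig --list` from the same host.
SAMPLE_CHKCONFIG='sfcbd-watchdog          on
slpd                    on
ntpd                    off'

# lookup_state NAME: reads a two-column table on stdin (ruleset list or
# chkconfig --list) and prints the lower-cased state of NAME, or "absent".
lookup_state() {
    awk -v n="$1" '$1 == n { print tolower($2); found = 1 }
                   END { if (!found) print "absent" }'
}

# exposure_report RULESET_OUTPUT CHKCONFIG_OUTPUT
# Prints the services still reachable ("cim", "slp" or "cim slp"), or "none".
# A service counts as exposed if its firewall ruleset is open OR the daemon is
# still enabled: a ruleset alone can be re-opened by a later config change.
exposure_report() {
    rs=$1
    ck=$2
    out=""
    # CVE-2021-21994: sfcbd answers on tcp/5989 behind the CIMHttpsServer ruleset
    if [ "$(printf '%s\n' "$rs" | lookup_state CIMHttpsServer)" = "true" ] ||
       [ "$(printf '%s\n' "$ck" | lookup_state sfcbd-watchdog)" = "on" ]; then
        out="$out cim"
    fi
    # CVE-2021-21995: slpd answers on port 427 behind the CIMSLP ruleset
    if [ "$(printf '%s\n' "$rs" | lookup_state CIMSLP)" = "true" ] ||
       [ "$(printf '%s\n' "$ck" | lookup_state slpd)" = "on" ]; then
        out="$out slp"
    fi
    # strip the leading separator added above
    if [ -n "$out" ]; then printf '%s\n' "${out#?}"; else printf 'none\n'; fi
}

# apply_workarounds: run on the ESXi host itself. Mirrors KB 1025757 and
# KB 76372: disable each daemon persistently and close its firewall ruleset so
# the port is unreachable even if the service were restarted. Disabling SFCB
# also stops CIM-based hardware health monitoring for the host in vCenter.
apply_workarounds() {
    if ! command -v esxcli >/dev/null 2>&1; then
        echo "esxcli not found: run this in the ESXi shell" >&2
        return 2
    fi
    # SFCB / CIM server (tcp/5989). On ESXi 5.x, which lacks the wbem namespace,
    # use: /etc/init.d/sfcbd-watchdog stop; chkconfig sfcbd-watchdog off
    esxcli system wbem set --enable false
    esxcli network firewall ruleset set --ruleset-id CIMHttpsServer --enabled false
    # OpenSLP (port 427)
    /etc/init.d/slpd stop
    chkconfig slpd off
    esxcli network firewall ruleset set --ruleset-id CIMSLP --enabled false
    # Re-read live state and report anything still exposed
    exposure_report "$(esxcli network firewall ruleset list)" "$(chkconfig --list)"
}

# Offline self-check against the constructed samples (prints "cim slp").
exposure_report "$SAMPLE_RULESETS" "$SAMPLE_CHKCONFIG"
```

To audit a fleet without logging into each host interactively, capture the two command outputs over SSH per host and feed them to `exposure_report`; any result other than `none` on a host that has not yet received the fixed build from the Resolution section needs attention. The workaround is a stop-gap: hardware vendors' CIM providers and some monitoring tools depend on SFCB and SLP, so re-enable them only after the patched ESXi build is installed.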

Resolution

For ESXi 7.0, apply fixed version ESXi70U2-17630552. Download links and documentation are listed under References below.

For ESXi 6.7, apply fixed version ESXi670-202103101-SG. Download links and documentation are listed under References below.

For ESXi 6.5, apply fixed version ESXi650-202107401-SG. Download links and documentation are listed under References below.

For Cloud Foundation (ESXi) 4.x, a patch is pending release.

For Cloud Foundation (ESXi) 3.x, apply fixed version 3.10.2. Download links and documentation are listed under References below.

References

VMware ESXi 7.0 ESXi70U2-17630552
Downloads and Documentation:
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-702-release-notes.html

VMware ESXi 6.7 ESXi670-202103101-SG
Downloads and Documentation:
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202103001.html

VMware ESXi 6.5 ESXi650-202107401-SG
Downloads and Documentation:
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202107001.html

VMware Cloud Foundation 3.10.2
Downloads and Documentation:
https://docs.vmware.com/en/VMware-Cloud-Foundation/3.10.2/rn/VMware-Cloud-Foundation-3102-Release-Notes.html