JPCERT-AT-2021-0011
JPCERT/CC
2021-02-25(Initial)
2021-03-01(Update)
I. Overview
On February 23, 2021 (US Time), VMware has released advisory(VMSA-2021-0002) regarding vulnerabilities in their multiple products.A remote attacker may upload an arbitrary file or execute arbitrary command with SYSTEM privileges by leveraging these vulnerabilities.For more information, please refer to the information provided by VMware.
VMware
VMSA-2021-0002
https://www.vmware.com/security/advisories/VMSA-2021-0002.html
In addition, JPCERT/CC has confirmed the information that describes the details of the vulnerability of VMware vCenter Server(CVE-2021-21972), and the Proof-of-concept code, and scanning activity to search for systems affected by this vulnerability.
On February 25, 2021, JPCERT/CC sensors in Japan also observed scans that appear to be searching for systems affected by this vulnerability. There is a possibility that attacks using the scanning information may take place in the future. Please consider taking measures as soon as possible.
If you are using a product which is affected by this vulnerability,please apply the measures by referring to “III. Solution” and”IV. Workarounds”.
II. Affected Products and Versions
Affected products and versions are as follows:
– vCenter Server versions 7.0 prior to 7.0 U1c
– vCenter Server versions 6.7 prior to 6.7 U3l
– vCenter Server versions 6.5 prior to 6.5 U3n
– Cloud Foundation (vCenter Server) versions 4.x prior to 4.2
– Cloud Foundation (vCenter Server) versions 3.x prior to 3.10.1.2
III. Solution
VMware has released versions that address the vulnerability.Please consider updating to an updated version.
– vCenter Server version 7.0 U1c
– vCenter Server version 6.7 U3l
– vCenter Server version 6.5 U3n
– Cloud Foundation (vCenter Server) version 4.2
– Cloud Foundation (vCenter Server) version 3.10.1.2
IV. Workarounds
The following measures are mentioned as workarounds.
– Change VMware vRops Client Plugin to incompatible
VMware states that the application of the workaround will affect the environment in which VMware vRealize Operations is used.For more information, please refer to the information provided by VMware.
VMware
VMware vCenter Server Workaround Instructions for CVE-2021-21972 and CVE-2021-21973 (82374)
https://kb.vmware.com/s/article/82374
V. References
VMware
VMSA-2021-0002
https://www.vmware.com/security/advisories/VMSA-2021-0002.html
If you have any information regarding this alert, please contact JPCERT/CC.
2021-02-25 First edition
2021-03-01 Updated “I. Overview”
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
The post Security Alert: [Updated] Alert Regarding Vulnerability (CVE-2021-21972) in VMware vCenter Server appeared first on Malware Devil.
https://malwaredevil.com/2021/03/01/security-alert-updated-alert-regarding-vulnerability-cve-2021-21972-in-vmware-vcenter-server/?utm_source=rss&utm_medium=rss&utm_campaign=security-alert-updated-alert-regarding-vulnerability-cve-2021-21972-in-vmware-vcenter-server
No comments:
Post a Comment