What is the VMSA-2021-0010 vulnerability?
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
The affected Virtual SAN Health Check plug-in is enabled by default in all vCenter Server deployments, whether or not vSAN is being used.
Implementation Time: Immediate
These updates fix a critical security vulnerability, and they need to be considered at once. Organizations that practice change management using the ITIL definitions of change types would consider this an “emergency change.” All environments are different, have different tolerances for risk, and have different security controls and defense-in-depth to mitigate risk, so the decision on how to proceed is up to you. However, given the severity, we strongly recommend that you act.
Why are you affected by VMSA-2021-0010?
The VMSA outlines two issues that are resolved in this patch release. First, there is a remote code execution vulnerability in the vSAN plugin, which ships as part of vCenter Server. This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of whether you use vSAN.
Second, improvements were made to the vCenter Server plugin framework to better enforce plugin authentication. This affects some VMware plugins, and may also cause some third-party plugins to stop working. VMware partners have been notified and are working to test their plugins (most continue to work), but there may be a period after updating when a virtualization admin team may need to access backup, storage, or other systems through their respective management interfaces and not through the vSphere Client UI. If a third-party plugin in your environment is affected, please contact the vendor that supplied it for an update.
How to protect your environment
Don’t think twice: patch your vCenter immediately. This is the fastest way to resolve the problem; it doesn’t involve editing files on the vCenter Server Appliance (VCSA), and it removes the vulnerability completely. From there you can update any plugins as vendors release new versions.
Steps to patch your vCenter Server:
There are three ways to patch vCenter:
- Patch the vCenter appliance using the ISO (offline update).
- Patch the vCenter appliance using the command line (offline update).
- Patch the vCenter appliance using the vCenter Server Appliance Management Interface (VAMI, port 5480).
To learn more about the vulnerability, refer to the links below:
https://www.vmware.com/security/advisories/VMSA-2021-0010.html (Details about the issue and workaround).
https://via.vmw.com/vmsa-2021-0010-communities (Right place for your queries).
https://via.vmw.com/vmsa-2021-0010-blog (Official VMware blog).