On May 25, 2021, VMware released a new critical security advisory, VMSA-2021-0010 (CVE-2021-21985 & CVE-2021-21986), affecting vCenter Server 6.5, 6.7, and 7.0. These vulnerabilities could allow a malicious actor to gain access to vCenter by exploiting the vSAN plugin, even if vSAN is not currently in use. VMware has also made improvements to the vCenter Server plugin framework to better enforce plugin authentication and prevent this type of vulnerability in the future.
How Avertium is Protecting Our Customers:
- Avertium is notifying customers of this critical vulnerability and assisting with patching for our VMaaS managed patching customers.
- Avertium is patching internal and hosted customer vCenter Servers to remediate this vulnerability.
- Avertium uses blackbox techniques that make vCenter Server inaccessible from the network for customer SIEM platforms hosted in VMware.
- Perform emergency patching of vCenter Server as soon as possible.
- If patching is not possible immediately, apply the workarounds documented in VMware KB83829.
- Minimize the number of plugins installed in vCenter Server.
- VMware does not consider blocking traffic to vCenter at the firewall sufficient to remediate this vulnerability. They are urging all customers to patch or apply the workaround as soon as possible.
What You Should Do to Protect Against CVE-2020-12608
Avertium strongly encourages you to implement the software patch PME version 1.1.15 to preemptively mitigate this software flaw, and to use the most up-to-date cybersecurity measures to protect your patch management infrastructure.
Depending on the needs of the business, treat any serious, long-term probing attempts on your assets as revealing a potential threat.
- vCenter Server 6.5, 6.7, and 7.0