JPCERT-AT-2021-0011
JPCERT/CC
2021-02-25(Initial)
2021-03-01(Update)
I. Overview
On February 23, 2021 (US Time), VMware released an advisory (VMSA-2021-0002) regarding vulnerabilities in multiple products. A remote attacker may upload an arbitrary file or execute arbitrary commands with SYSTEM privileges by leveraging these vulnerabilities. For more information, please refer to the information provided by VMware.
VMware
VMSA-2021-0002
https://www.vmware.com/security/advisories/VMSA-2021-0002.html
In addition, JPCERT/CC has confirmed information describing the details of the vulnerability in VMware vCenter Server (CVE-2021-21972), Proof-of-concept code, and scanning activity searching for systems affected by this vulnerability.
Update: March 1, 2021
On February 25, 2021, JPCERT/CC sensors in Japan also observed scans that appear to be searching for systems affected by this vulnerability. There is a possibility that attacks using the scanning information may take place in the future. Please consider taking measures as soon as possible.
If you are using a product affected by this vulnerability, please apply the measures described in "III. Solution" and "IV. Workarounds".
II. Affected Products and Versions
Affected products and versions are as follows:
- vCenter Server versions 7.0 prior to 7.0 U1c
- vCenter Server versions 6.7 prior to 6.7 U3l
- vCenter Server versions 6.5 prior to 6.5 U3n
- Cloud Foundation (vCenter Server) versions 4.x prior to 4.2
- Cloud Foundation (vCenter Server) versions 3.x prior to 3.10.1.2
III. Solution
VMware has released versions that address the vulnerability. Please consider updating to an updated version.
- vCenter Server version 7.0 U1c
- vCenter Server version 6.7 U3l
- vCenter Server version 6.5 U3n
- Cloud Foundation (vCenter Server) version 4.2
- Cloud Foundation (vCenter Server) version 3.10.1.2
IV. Workarounds
The following measures are mentioned as workarounds.
- Change VMware vRops Client Plugin to incompatible
VMware states that applying the workaround will affect environments in which VMware vRealize Operations is used. For more information, please refer to the information provided by VMware.
VMware
VMware vCenter Server Workaround Instructions for CVE-2021-21972 and CVE-2021-21973 (82374)
https://kb.vmware.com/s/article/82374
V. References
VMware
VMSA-2021-0002
https://www.vmware.com/security/advisories/VMSA-2021-0002.html
If you have any information regarding this alert, please contact JPCERT/CC.
Revision History
2021-02-25 First edition
2021-03-01 Updated "I. Overview"
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/