VMware Releases Security Update

Threat ID:: CC-3904
Threat Severity:: Information only
Published:: 14 July 2021 12:40 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

VMware Cloud Foundation Versions: 3.x prior to 3.10.2, and 4.x

VMware ESXi Versions: 6.5, 6.7, and 7.0

Threat details

Introduction

VMware has released a security update to address a vulnerabilities in VMware ESXi and VMware Cloud Foundation. An attacker could exploit these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review VMware Security Advisory VMSA-2021-0014 and apply any relevant updates or workarounds.

CVE Vulnerabilities

Status Published

CVE-2021-21994

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

Status Published

CVE-2021-21995

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.

Last edited: 14 July 2021 1:03 pm