IMPORTANT Security Advisory that was released yesterday (13-07-2021)
VMware ESXi updates address authentication and denial of service vulnerabilities (CVE-2021-21994, CVE-2021-21995) with a maximum CVSSv3 base score of 7.0.
Known Attack Vectors
A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.
NOTE: SFCB is disabled by default. The service starts when you install a third-party CIM VIB, for example, when you run the esxcli software vib install -n VIBname command. Successful exploitation requires the SFCB service to be running. The status of the service can be checked by following the steps in KB1025757.
Workaround KB (to address advisory)
- Important Security Advisory Workaround – CVE-2021-21994
  - KB1025757 – https://kb.vmware.com/s/article/1025757 addresses the SFCB service issue
- Moderate Security Advisory Workaround – CVE-2021-21995
  - KB76372 – https://kb.vmware.com/s/article/76372 was also referenced in VMSA-2021-0002 on 2/23/2021 to address the OpenSLP service issue
  - VMware recommends disabling the OpenSLP service in ESXi if it is not used. For more information, please see our blog posting "Evolving the VMware vSphere Security Configuration Guides"
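An added example (not part of the advisory or the KB articles) that reports, from the ESXi shell, whether the SFCB service from the NOTE above and the OpenSLP service from the workaround list are running. It assumes the init scripts /etc/init.d/sfcbd-watchdog and /etc/init.d/slpd and their "is running" / "is not running" status text, none of which appear on this page; any other output is reported as unknown rather than treated as safe.

```shell
#!/bin/sh
# Added example: audit the two services named in the advisory.
# Assumption: these status commands and their "is running" /
# "is not running" output; override the variables if your build differs.
SFCB_STATUS_CMD=${SFCB_STATUS_CMD:-"/etc/init.d/sfcbd-watchdog status"}
SLP_STATUS_CMD=${SLP_STATUS_CMD:-"/etc/init.d/slpd status"}

# Map status text to running / stopped / unknown.
# "not running" is tested first so it is never mistaken for "is running".
classify_status() {
    case "$1" in
        *"not running"*) echo stopped ;;
        *"is running"*)  echo running ;;
        *)               echo unknown ;;
    esac
}

# Run a status command and classify its combined stdout and stderr.
service_state() {
    classify_status "$($1 2>&1)"
}

# Print one finding per service; return 1 if any service is running
# or its state could not be determined.
audit_services() {
    rc=0
    sfcb=$(service_state "$SFCB_STATUS_CMD")
    slp=$(service_state "$SLP_STATUS_CMD")
    case "$sfcb" in
        running) echo "SFCB running: CVE-2021-21994 precondition met, review access to port 5989"; rc=1 ;;
        stopped) echo "SFCB stopped: CVE-2021-21994 precondition not met" ;;
        *)       echo "SFCB state unknown: check manually per KB1025757"; rc=1 ;;
    esac
    case "$slp" in
        running) echo "OpenSLP running: apply KB76372 if the service is not used (CVE-2021-21995)"; rc=1 ;;
        stopped) echo "OpenSLP stopped: matches the KB76372 workaround state"  ;;
        *)       echo "OpenSLP state unknown: check manually per KB76372"; rc=1 ;;
    esac
    return $rc
}
```

Source the file in the ESXi shell and run audit_services; a non-zero return means at least one service is running or could not be checked.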