Critical VMware vCenter Security Vulnerability - XIOLOGIX

Critical VMware vCenter Security Vulnerability

A security vulnerability, CVE-2021-22005, was disclosed by VMware yesterday in advisory VMSA-2021-0020. It is an arbitrary file upload flaw in the vCenter Server Analytics service: anyone with network access to port 443 on vCenter can upload a file and use it to run code on the appliance, with no credentials required. It affects vCenter Server 6.7 and 7.0; the 7.0 line is fixed in 7.0 U2c, build 18356314, and the 6.7 line in 6.7 U3o. It is rated critical, CVSSv3 9.8 out of 10. Patching to a fixed build is the real fix. If you cannot patch immediately, VMware's workaround is to run a script on the vCenter appliance that disables the vulnerable Analytics service endpoints; the workaround is not a substitute for the patch and does not remove the need to keep vCenter off untrusted networks. If you have a vCenter appliance running an affected version and cannot patch right away, here is what you need to do:

  1. Go to the VMware KB article Workaround Instructions for CVE-2021-22005 (85717) on vmware.com and download the Python script under the Attachment section on the right.
  2. Now log in to your vSphere environment and open the Remote Console to your vCenter appliance VM.
  3. Press F2 and log in with the appliance root user and password.
  4. Go to Troubleshooting Mode Options and press Enter.
  5. Enable the BASH Shell and SSH. Both should show as Enabled when you are done.
  6. Now press Alt-F1 to get to a login prompt.
  7. Log in as root with the root password.
  8. You should be at a “Command>” prompt. Type shell and press Enter.
  9. You should now be at a root bash prompt. Root's login shell is the restricted appliancesh, which does not allow SCP or SFTP, so we temporarily switch it to bash in order to copy a file over.
  10. Type the command chsh -s /bin/bash root and press Enter. We are done in the Remote Console for now.
  11. Open WinSCP and connect to your vCenter server as root with the root password. Change the location on the left to your Downloads folder and the list on the right to /var/tmp.
  12. Drag the VMSA-2021-0020.py file from the left side to the right side. Once it appears on the right side, close WinSCP.
  13. Go back to the vCenter Remote Console and type the command python /var/tmp/VMSA-2021-0020.py and press Enter.
  14. This command will output a fair amount of information. It should first report “Vulnerability Found” and then, after about a minute, end with “SUCCESS: Patching completed. Vulnerabilities are NOT detected”. If it ends with anything else, the workaround has not been applied; do not treat the appliance as protected.

  15. Change root's default shell back to the appliance shell with the command chsh -s /bin/appliancesh root and press Enter. Do not skip this step: leaving root with a full bash login shell undoes part of the appliance's hardening.
  16. Type exit and press Enter twice, once to leave bash and once to leave appliancesh. This should get you back to a login prompt.
  17. Press Alt-F2 to get back to the vCenter management screen. You may have to press F2, log in and go back to the Troubleshooting Mode Options screen.
  18. Turn off the BASH Shell and SSH so both show as Disabled again.
  19. Press Escape until you are back at the main vCenter appliance screen.
  20. Close the Remote Console.
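
Steps 13 to 15 are the part of this procedure that can be scripted, and they are where a slip is costly: if VMware's script aborts half-way and you log out without doing step 15, root keeps /bin/bash as its login shell. The bash script below is an added example, not part of the original post and not VMware's own code from KB 85717. It checks the build first, runs VMware's script, and restores the appliance shell whether or not the run succeeds. It assumes (these are assumptions, not taken from the post) that `vpxd -v` on the appliance prints a line of the form "VMware VirtualCenter <version> build-<number>", that the script has already been copied to /var/tmp as in steps 11 and 12, and that the success line is the one quoted in step 14. The version rule mirrors the post: every 6.7 build, and 7.0 builds below 18356314.

```shell
#!/bin/bash
# Added example (not from the original post or VMware's KB 85717).
# Run it in the root bash shell of the vCenter appliance after
# VMSA-2021-0020.py has been copied to /var/tmp:
#     bash vcsa-workaround.sh --apply
# Assumptions (labelled, not taken from the page):
#   * `vpxd -v` prints "VMware VirtualCenter <version> build-<number>"
#   * VMware's script prints "SUCCESS: Patching completed" on success
#     (the line quoted in step 14 above)

FIXED_70_BUILD=18356314                   # 7.0 U2c, the fixed 7.0 build named in the post
WORKAROUND=/var/tmp/VMSA-2021-0020.py     # where steps 11-12 put VMware's script

# affected_build "<vpxd -v output>": succeeds when the post's rule says the
# appliance needs the workaround (any 6.7 build, or 7.0 below FIXED_70_BUILD).
# Anything it cannot parse is treated as "not affected", so a garbled version
# string cannot make the script run on a build it was never meant for.
affected_build() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*VirtualCenter \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    build=$(printf '%s\n' "$1" | sed -n 's/.*build-\([0-9][0-9]*\).*/\1/p')
    case "$ver" in
        6.7) return 0 ;;
        7.0) [ -n "$build" ] && [ "$build" -lt "$FIXED_70_BUILD" ] ;;
        *)   return 1 ;;
    esac
}

# workaround_succeeded "<script output>": succeeds only if VMware's script
# printed its success line; any other outcome is treated as failure.
workaround_succeeded() {
    printf '%s\n' "$1" | grep -q 'SUCCESS: Patching completed'
}

# restore_shell: step 15 of the post. Registered as an EXIT trap so it runs
# even if python is missing or the workaround script aborts part-way.
restore_shell() {
    chsh -s /bin/appliancesh root
}

apply_workaround() {
    if ! affected_build "$(vpxd -v 2>/dev/null)"; then
        echo "This build is not in the affected range; nothing to do."
        return 0
    fi
    if [ ! -f "$WORKAROUND" ]; then
        echo "$WORKAROUND not found; copy it over first (steps 11-12)." >&2
        return 1
    fi
    trap restore_shell EXIT
    out=$(python "$WORKAROUND" 2>&1)      # step 13
    printf '%s\n' "$out"
    if workaround_succeeded "$out"; then  # step 14
        echo "Workaround applied. Now disable the BASH shell and SSH again (steps 16-18)."
    else
        echo "VMware's script did not report success; do not assume the appliance is protected." >&2
        return 1
    fi
}

# Only act when explicitly asked, so the file can be sourced to reuse the checks.
if [ "${1-}" = "--apply" ]; then
    apply_workaround
fi
```

The EXIT trap is the point of the wrapper: whatever happens after the build check, root's login shell goes back to appliancesh, which is the state the console steps leave you in. The build check deliberately fails closed on unparseable input, and the success check looks for VMware's own success line rather than just the exit code of python, so a traceback or a partial run is reported as a failure instead of silently counted as done.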

That’s it! Let me know if you have any questions or need any assistance.