Addressing VMSA-2021-0002 in vCenter 6.7 & 6.5 | CVE 2021-21972 / 21973

Addressing VMSA-2021-0002 in vCenter 6.7 & 6.5 | CVE 2021-21972 / 21973

Addressing VMSA-2021-0002 for vCenter 6.7 (and 6.5)

*NOTE* This article is specifically for addressing VMSA-2021-0002 for vCenter 6.5 and 6.7. If you are looking for later versions, please see this article: VMSA-2021-0002 for vCenter 7.0 

As per VMSA-2021-0002, the affected vCenter versions are 6.5 & 6.7  with CVE-2021-21972, CVE-2021-21973, CVE-2021-21974.

For more details, please refer to VMware KB: https://kb.vmware.com/s/article/82374

For any queries on this procedure or on VMSA 2021-0002, post your question here - https://communities.vmware.com/t5/vSphere-Upgrade-Install/bd-p/2013

To mitigate the issues vCenter 6.7 needs to be patched to  6.7 U3l  or above.

    • vCenter Server Appliance 6.7 Update 3l | NOV 19 2020 | ISO Build 17138064

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

  • Please take a non-memory, non-quiesced snapshot of the vCenter VM (if standalone), before implementing any change.
  • In case there are multiple vCenter servers linked, do take powered down snapshots of all nodes before proceeding with vCenter update.
  • If PSC is external do take powered down snapshot/s of all PSC's as well.
  • If there are multiple vCenter's linked with external PSC we need to update all PSC nodes first and then proceed with vCenter nodes.
  • If DRS is set to Fully Automated, please change it to Manual while updating.
  • Make note of the host IP/FQDN where vCenter/PSC VM is deployed.
  • Ensure that you have the login credential for the ESXi host which has the vCenter VM.
  • vCenter/PSC will be rebooted during the process.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Below is an example on patching vCenter Appliance vCenter Appliance 6.7 (6.7.0.10000) to vCenter Appliance 6.7 Update 3l (6.7.0.46000)

1          In a browser open VAMI (VMware Appliance Management Interface): https://<vCenterFQDN>:5480

2          Login as root      

Ferozrah_0-1614637808600.png

 

 

3          In the Navigator tab (on the left), click Update

Ferozrah_1-1614637808604.png

 

 

4          In CHECK UPDATES drop down change the option to check CD ROM + URL (make sure there is internet connectivity to vCenter server)       

Ferozrah_2-1614637808609.png

 

Alternatively, you can download 6.7 Update 3l build 17138064 from the download portal, and attach the iso to the CDROM of the vCenter server VM

 

5          Select a patch released on NOV 19 2020 or later.

However, VMware recommend patching to the latest available version.

Ferozrah_3-1614637808617.png

 

 

6          Select STAGE AND INSTALL

Ferozrah_4-1614637808619.png

 

 

7          Accept End user license agreement and click on NEXT

Ferozrah_5-1614637808627.png

 

8          It will start Running pre-update checks   

Ferozrah_6-1614637808632.png

 

9          It will ask if you wish to Join the VMware's Customer Experience Improvement Program (CEIP), check/uncheck and click Next

Ferozrah_7-1614637808640.png

 

 

10           Check the box  I have backed up vCenter Server and its associated databases, if you have taken a vCenter Backup and click FINISH

Ferozrah_8-1614637808644.png

 

 

11           You will see Installation in progress as follows                

Ferozrah_9-1614637808646.png
Ferozrah_10-1614637808647.png

Ferozrah_11-1614637808649.png

12           Click on CLOSE

13           The vCenter is patched with the build 17138064

 

Note: If there is external PSC we need to update PSC node first following same procedure.

 

*NOTE* This article is specifically for addressing VMSA-2021-0002 for vCenter 6.5 and 6.7. If you are looking for later versions, please see this article: VMSA-2021-0002 for vCenter 7.0

 

 

Version history
Revision #:
3 of 3
Last update:
‎03-11-2021 06:27 AM
Updated by:
 
Contributors