Addressing VMSA-2021-0002 in vCenter 7.0 | CVE 2021-21972 / 21973


*NOTE* This article is specifically for addressing VMSA-2021-0002 for vCenter 7.0. If you are looking for previous versions, please see this article: VMSA-2021-0002 for vCenter 6.5 and vCenter 6.7

As per VMSA-2021-0002, vCenter 7.0 is an affected version, with CVE-2021-21972, CVE-2021-21973, CVE-2021-21974.

For more details, please refer to VMware KB: https://kb.vmware.com/s/article/82374

For any queries on this procedure or on VMSA 2021-0002, post your question here - https://communities.vmware.com/t5/vSphere-Upgrade-Install/bd-p/2013

To mitigate the issues, vCenter 7.0 needs to be patched to 7.0 U1c or above.

  • vCenter Server 7.0 Update 1c | 17 DEC 2020 | ISO Build 17327517
    • The latest patch available on the default repository is 7.0U1d for Feb 2021

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

  • Take a non-memory, non-quiesced snapshot of the vCenter VM (if standalone) before implementing any change.
  • If multiple vCenter servers are linked, take powered-down snapshots of all nodes before proceeding with the vCenter update.
  • If DRS is set to Fully Automated, change it to Manual while updating.
  • Make a note of the IP/FQDN of the host where the vCenter VM is deployed.
  • Ensure that you have the login credentials for the ESXi host that runs the vCenter VM.
  • vCenter Server will be rebooted during the process.

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Below is an example of patching VCSA 7.0.1 U3, Build 16858589 to 17327517.


1. In a browser, open VAMI (VMware Appliance Management Interface): https://<vCenterFQDN>:5480

2. Log in as root

3. In the Navigator tab (on the left), click Update

4. In the CHECK UPDATES drop-down, change the option to Check CD ROM + URL (make sure the vCenter server has internet connectivity)

Alternatively, you can download 7.0 Update 1c build 17327517 from the download portal and attach the ISO to the CD-ROM drive of the vCenter server VM.

5. Select a patch released on Dec 17, 2020 or later.

However, VMware recommends patching to the latest available version.

6. Select STAGE AND INSTALL

7. Accept the End User License Agreement and click NEXT

8. The installer starts running pre-update checks

9. Enter the Single Sign-On administrator password (default SSO administrator: administrator@vsphere.local) and click NEXT

10. On the Backup vCenter Server screen, check the box if you have taken a vCenter backup, then click FINISH

11. The screen shows Installation in progress

12. Click CLOSE

13. The vCenter is now patched to build 17327517
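To confirm the result of step 13 across several appliances, the following added example (not part of the original article and not VMware tooling) checks recorded version strings against build 17327517. The host names, the "host, then version string" inventory format and the sample entries are constructed; it also assumes build numbers only increase across 7.0 releases.

```python
import re

# Build of vCenter Server 7.0 Update 1c, the minimum fixed release named in the article.
FIXED_BUILD_70 = 17327517

# Matches "<major>.<minor>[.<more>] ... build <number>", e.g. "7.0.1 build-16858589".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.\d+)*\b.*?\bbuild[-\s:]*(\d+)", re.IGNORECASE)


def classify(version_text):
    """Return PATCHED, NEEDS_PATCH, OUT_OF_SCOPE or UNKNOWN for one version string."""
    m = _VERSION_RE.search(version_text)
    if not m:
        return "UNKNOWN"  # unparseable: treat as unverified, never as patched
    major, minor, build = (int(g) for g in m.groups())
    if (major, minor) != (7, 0):
        return "OUT_OF_SCOPE"  # 6.5 / 6.7 are covered by the separate article
    # Assumption: build numbers only increase across 7.0 releases.
    return "PATCHED" if build >= FIXED_BUILD_70 else "NEEDS_PATCH"


def audit(inventory_text):
    """Map each host in a 'host <version string>' inventory to its status."""
    results = {}
    for raw in inventory_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first whitespace run so an IP used as the host
        # name is never mistaken for the version number.
        host, *rest = line.split(None, 1)
        results[host] = classify(rest[0] if rest else "")
    return results


# Constructed sample inventory (hypothetical hosts; the 6.7 build number is made up).
SAMPLE_INVENTORY = """\
# host              version string recorded for the appliance
vc01.example.test   7.0.1 build-16858589
vc02.example.test   7.0.1 Build 17327517
vc03.example.test   6.7.0 build-10000000
vc04.example.test   version not recorded
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:20} {status}")
```

Any host reported as NEEDS_PATCH or UNKNOWN should be rechecked in VAMI and taken through the steps above.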

 


Version history: revision 4 of 4. Last update: 03-11-2021 06:37 AM