Tag: ESXi

Security Advisory

VMSA-2021-0014 – VMware ESXi Vulnerabilities

Constantin Ghioc Leave a comment

VMware has released a new security advisory VMSA-2021-0014: VMware ESXi updates address authentication and denial of service vulnerabilities (CVE-2021-21994, CVE-2021-21995).

Multiple vulnerabilities in VMware ESXi were privately reported to VMware. Updates and workarounds are available to remediate these vulnerabilities in affected VMware products. This advisory documents the remediation of one important issue (CVSSv3 score 7) and one moderate issue (CVSSv3 score 5.3).

The Common Vulnerabilities and Exposures project has assigned the identifiers CVE-2021-21994 to the ESXi SFCB improper authentication vulnerability and CVE-2021-21995 to the ESXi OpenSLP denial-of-service vulnerability.

VMSA-2021-0014 – Description and Workarounds

A malicious actor with network access to port 5989 on ESXi may exploit the SFCB improper authentication vulnerability to bypass SFCB authentication by sending a specially crafted request. SFCB service is disabled by default. The service starts when you install a third-party CIM VIB, for example, when you run the esxcli software vib install -n VIBname command. You can check status and disable SFCB service using:

Read More
VMware Security Advisory

VMSA-2020-0026 – ESXi, Workstation, and Fusion Vulnerabilities

Constantin Ghioc Leave a comment

VMware has released a new security advisory VMSA-2020-0026: VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005).

Multiple vulnerabilities in VMware ESXi, Workstation and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. This advisory documents the remediation of one critical issue and one important issue.

The Common Vulnerabilities and Exposures project has assigned the identifiers CVE-2020-4004 to the use-after-free vulnerability in XHCI USB controller and CVE-2020-4005 to the VMX elevation-of-privilege vulnerability.

Read More
VMware Security Advisory

VMSA-2020-0023 – VMware ESXi, Workstation, Fusion and NSX-T Vulnerabilities

Constantin Ghioc Leave a comment

VMware has released a new security advisory VMSA-2020-0023: VMware ESXi, Workstation, Fusion, NSX-T, and vCenter Server Appliance updates address multiple security vulnerabilities. VMware Cloud Foundation is also an impacted product.

ESXi OpenSLP remote code execution vulnerability (CVE-2020-3992)

OpenSLP as used in ESXi has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. If you can’t upgrade to the fixed version, as a workaround you can disable CIM server, documented in VMware KB 76372.

Affected products:

  • ESXi 7.0 – update to ESXi_7.0.1-0.0.16850804
  • ESXi 6.7 – update to ESXi670-202010401-SG
  • ESXi 6.5 – update to ESXi650-202010401-SG
  • VMware Cloud Foundation 4.x – update to 4.1
  • VMware Cloud Foundation 3.x – update to 3.10.1.1
Read More
Install vSphere 7.0

How to Install VMware vSphere 7.0

Constantin Ghioc Leave a comment

In this article I will show you how to install VMware vSphere 7.0. If you are looking for instructions about how to install the older version vSphere 6.7, you can find them here.

To begin with, you need an installation iso for vSphere 7.0, which you can download from your My.VMware account. I downloaded VMware-VMvisor-Installer-7.0.0-15843807.x86_64.iso (vSphere 7.0 build 15843807). I will install vSphere into a virtual machine (don’t do this in production, this is a configuration unsupported by VMware, but often seen in home labs), so I will just mount the iso file into the CD drive and power on the VM.

Install VMware vSphere 7.0

As soon as the VM boots, you will see a “Loading ESXi installer” screen:

Install vSphere 7.0 - Loading ESXi installer
Read More
VMware Security Advisory

VMware ESXi and Horizon DaaS Security Updates – VMSA-2019-0022

Constantin Ghioc Leave a comment

VMware has released a new security advisory VMSA-2019-0022 (VMware ESXi and Horizon DaaS updates address OpenSLP remote code execution vulnerability). Patches and workarounds are available to address this vulnerability in affected VMware products.

This advisory documents the remediation of one issue, rated with a severity of critical. VMware ESXi and Horizon DaaS use an OpenSLP version which has a heap overwrite issue. Successful exploitation of this issue may allow attackers with network access to port 427 on an ESXI host or on any Horizon DaaS management appliance to overwrite the heap of the OpenSLP service resulting in remote code execution.

The identifier CVE-2019-5544 was assigned to this vulnerability.

Read More
VMware Security Advisory

VMware ESXi, Workstation, and Fusion Security Updates – VMSA-2019-0019

Constantin Ghioc Leave a comment

VMware has released a new security advisory VMSA-2019-0019 (VMware ESXi, Workstation, and Fusion updates address a denial-of-service vulnerability).

This advisory documents the remediation of one issue, rated with a severity of moderate. VMware ESXi, Workstation and Fusion contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VMs.

Exploitation of this issue require an attacker to have access to a virtual machine with 3D graphics enabled. By default, this functionality is not enabled on ESXi and is enabled on Workstation and Fusion.

The identifier CVE-2019-5536 was assigned to this vulnerability.

Affected products and resolutions:

  • ESXi 6.7 – apply patch ESXi670-201908101-SG
  • ESXi 6.5 – apply patch ESXi650-201910401-SG
  • Workstation 15.x – update to 15.5.0
  • Fusion 11.x – update to 11.5.0

The workaround for this issue involves disabling the 3D-acceleration feature.

Disable 3D-acceleration on ESXi

  • With Host Client or vCenter, go to the individual VM > Edit Settings > Virtual hardware > Video card.
  • If the “3D Graphics” is checked then 3D-acceleration feature is enabled.

Disable 3D-acceleration on Workstation

  • Select virtual machine and select VM > Settings.
  • On the Hardware tab, select Display.
  • If the “Accelerate 3D graphics” is checked then 3D-acceleration feature is enabled.

Disable 3D-acceleration on Fusion

  • From the VMware Fusion menu bar, select Window > Virtual Machine Library.
  • Select a virtual machine and click Settings.
  • In the Settings Window > select Display.
  • If the “Accelerate 3D graphics” is checked then 3D-acceleration feature is enabled.

You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.

VMware Security Advisory

VMware ESXi, Workstation, Fusion and vCloud Director Security Updates

Constantin Ghioc Leave a comment

VMware has released two new security advisories VMSA-2019-0004 (VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability) and VMSA-2019-0005 (VMware ESXi, Workstation and Fusion updates address multiple security issues).

The advisories document the remediation of these critical issues:

  • VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.
  • VMware ESXi, Workstation and Fusion contain an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of these issues requires an attacker to have access to a virtual machine with a virtual USB controller present. These issues may allow a guest to execute code on the host.
  • VMware Workstation and Fusion contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.
  • VMware Workstation and Fusion updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.
  • VMware Fusion contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.
Read More
How to Upgrade ESXi from 6.5 to 6.7 with Command Line

How to Upgrade ESXi from 6.5 to 6.7 with Command Line

Constantin Ghioc Leave a comment

In a previous post I wrote about how to update ESXi 6.5 using Command Line. It’s 6.7 time now, so here is the article explaining how to upgrade ESXi from 6.5 to 6.7 with the command line (esxcli). This method works either the ESXi server is standalone or added to a vCenter Server (I will use no component of vCenter Server).

As a prerequisite, I placed the ESXi 6.5 server in maintenance mode.

Upgrade ESXi from 6.5 to 6.7 with Command Line - Maintenance Mode

Upgrade ESXi from 6.5 to 6.7 with Command Line – Check ESXi Version

To find the current version of ESXi, after I connected with PuTTY to the server, I ran this command:

esxcli system version get

Upgrade ESXi from 6.5 to 6.7 with Command Line - Check ESXi Version
Read More
Install vSphere 6.7

How to Install VMware vSphere 6.7

Constantin Ghioc Leave a comment

In this article I will show you how to install VMware vSphere 6.7. If you are looking for instructions about how to install vSphere 6.5, you can find them here.

To start, you need an installation iso for vSphere 6.7, which you can download from your My.VMware account. From here, I downloaded VMware-VMvisor-Installer-6.7.0-8169922.x86_64.iso (vSphere 6.7 build 8169922). I will install vSphere into a virtual machine (beware, this is a configuration unsupported by VMware, but often seen in home labs), so I will just mount the iso file into the CD drive and power on the VM.

Install VMware vSphere 6.7

As soon as the VM boots, you will see a “Loading ESXi installer screen”:

Install vSphere 6.7 - Loading ESXi installer

Read More

VMware Released ESXi Patches for Spectre

Constantin Ghioc Leave a comment

VMware released patches against Spectre-2 vulnerability. In order to protect against branch target injection vulnerability (also known as Spectre-2), you need to patch the full stack, ranging from vCenter, down to ESXi and the operating system. Don’t forget to also update the firmware for your hardware.

For vCenter, VMware released few days ago the corresponding patches:

Going down to ESXi level, VMware released these patches:

  • ESXi 6.5 – ESXi650-201803401-BG and ESXi650-201803402-BG
  • ESXi 6.0 – ESXi600-201803401-BG and ESXi600-201803402-BG
  • ESXi 5.5 – ESXi550-201803401-BG and ESXi550-201803402-BG

In this article I will focus on ESXi 6.5 patches.

ESXi650-201803401-BG updates the esx-base, esx-tboot, vsan and vsanhealth VIBs. ESXi650-201803402-BG updates the cpu-microcode VIB. Both patches provide parts of the hypervisor-assisted guest mitigation of CVE-2017-5715 for guest operating systems (as described in VMware Security Advisory VMSA-2018-0004.3).

Read More