CVE-2021-21994: VMSA-2021-0014.1
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.
Advisory ID: VMSA-2021-0014.1
CVSSv3 Range: 5.3-7.0
Issue Date: 2021-07-13
Updated On: 2021-08-24
CVE(s): CVE-2021-21994, CVE-2021-21995
Synopsis: VMware ESXi updates address authentication and denial of service vulnerabilities (CVE-2021-21994, CVE-2021-21995)
****1. Impacted Products****
- VMware ESXi
- VMware Cloud Foundation (Cloud Foundation)
****2. Introduction****
Multiple vulnerabilities in VMware ESXi were privately reported to VMware. Updates and workarounds are available to remediate these vulnerabilities in affected VMware products.
****3a. ESXi SFCB improper authentication vulnerability (CVE-2021-21994)****
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.0.
A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.
To remediate CVE-2021-21994 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Workarounds for CVE-2021-21994 have been listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.
The SFCB service is not enabled by default on ESXi, and successful exploitation requires the service to be running. The status of the service can be checked by following the steps in KB1025757.
VMware would like to thank Douglas Everson of Voya Financial for reporting this issue to us.
Impacted Product Suites that Deploy Response Matrix 3a Components:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Cloud Foundation (ESXi) | 4.x | Any | CVE-2021-21994 | 7.0 | important | 4.3 | KB1025757 | None |
| Cloud Foundation (ESXi) | 3.x | Any | CVE-2021-21994 | 7.0 | important | 3.10.2 | KB1025757 | None |

****3b. ESXi OpenSLP denial-of-service vulnerability (CVE-2021-21995)****
OpenSLP as used in ESXi has a denial-of-service vulnerability due to a heap out-of-bounds read issue. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.
To remediate CVE-2021-21995 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Workarounds for CVE-2021-21995 have been listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.
VMware would like to thank VictorV(Tangtianwen) of Kunlun Lab for reporting this issue to us.
Impacted Product Suites that Deploy Response Matrix 3b Components:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Cloud Foundation (ESXi) | 4.x | Any | CVE-2021-21995 | 5.3 | moderate | 4.3 | KB76372 | None |
| Cloud Foundation (ESXi) | 3.x | Any | CVE-2021-21995 | 5.3 | moderate | 3.10.2 | KB76372 | None |

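
The following is an added example, not VMware's code, that triages an inventory against the two Cloud Foundation response matrices above (3a and 3b). The `Host` record, the status labels and the sample hosts are constructed for illustration; treating a stopped OpenSLP service as not exposed is an assumption of this example, since the advisory states that condition only for SFCB.

```python
from dataclasses import dataclass

# CVE, service, port, max CVSSv3 and workaround KB, as listed in sections 3a and 3b.
ISSUES = [("CVE-2021-21994", "sfcb", 5989, 7.0, "KB1025757"),
          ("CVE-2021-21995", "slpd", 427, 5.3, "KB76372")]
# Fixed Cloud Foundation release per major line, from the response matrices.
FIXED = {4: (4, 3), 3: (3, 10, 2)}

@dataclass(frozen=True)
class Host:  # hypothetical inventory record
    name: str
    vcf_version: str    # Cloud Foundation release the ESXi host belongs to
    running: frozenset  # services observed running: "sfcb" and/or "slpd"

def is_patched(version):
    """True/False against the fixed release; None if the release line is not listed."""
    v = tuple(int(p) for p in version.strip().split("."))  # numeric: 3.10 > 3.9
    fixed = FIXED.get(v[0])
    if fixed is None:
        return None
    width = max(len(v), len(fixed))
    return v + (0,) * (width - len(v)) >= fixed + (0,) * (width - len(fixed))

def triage(hosts):
    """Return (host, cve, status, action) rows, exposed and highest CVSSv3 first."""
    rows = []
    for host in hosts:
        patched = is_patched(host.vcf_version)
        for cve, service, port, cvss, kb in ISSUES:
            if patched is None:
                status, action = "not-listed", "release line not in these matrices"
            elif patched:
                status, action = "patched", "none"
            elif service in host.running:  # assumption: stopped service = not exposed
                status, action = "exposed", f"apply fixed version or {kb} (port {port})"
            else:
                status, action = "unpatched-service-off", "apply fixed version"
            rows.append((cvss if status == "exposed" else 0.0, host.name, cve, status, action))
    rows.sort(key=lambda r: (-r[0], r[1], r[2]))
    return [r[1:] for r in rows]

# Constructed sample inventory (not real hosts).
SAMPLE = [Host("esx-a", "4.2.1", frozenset({"sfcb", "slpd"})),
          Host("esx-b", "3.10.2", frozenset({"slpd"})),
          Host("esx-c", "3.9", frozenset({"slpd"}))]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep=" | ")
```
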
****4. References****
****5. Change Log****
2021-07-13 VMSA-2021-0014
Initial security advisory.
2021-08-24 VMSA-2021-0014.1
Added Cloud Foundation 4.x fixed version in the Response Matrix section of 3a and 3b.
****6. Contact****