In Sept 2021 VMware released a very important patch update for vCenter, bringing it to the VMware VCSA 7.0U2d release. This release includes many security fixes, as highlighted in the VMware Security Solutions and Advisory VMSA-2021-0020.1.
The list of security fixes is very long and some of these are also classified with a critical impact level:
- vCenter Server file upload vulnerability (CVE-2021-22005)
- vCenter Server local privilege escalation vulnerability (CVE-2021-21991)
- vCenter Server reverse proxy bypass vulnerability (CVE-2021-22006)
- vCenter Server unauthenticated API endpoint vulnerability (CVE-2021-22011)
- vCenter Server improper permission local privilege escalation vulnerabilities (CVE-2021-22015)
- vCenter Server unauthenticated API information disclosure vulnerability (CVE-2021-22012)
- vCenter Server file path traversal vulnerability (CVE-2021-22013)
- vCenter Server reflected XSS vulnerability (CVE-2021-22016)
- vCenter Server rhttpproxy bypass vulnerability (CVE-2021-22017)
- vCenter Server authenticated code execution vulnerability (CVE-2021-22014)
- vCenter Server file deletion vulnerability (CVE-2021-22018)
- vCenter Server XML parsing denial-of-service vulnerability (CVE-2021-21992)
- vCenter Server local information disclosure vulnerability (CVE-2021-22007)
- and more...
The VMware VCSA can be upgraded in two simple ways: either by downloading (staging) and installing the updates from the VMware website, or by mounting an ISO file that includes the latest patches. The ISO is also available for download from the VMware website. On some occasions the update from the web does not go as expected. In other cases the VCSA might have no access to the internet, leaving the “offline” approach as the only one available to upgrade the VCSA to the latest version.
The purpose of this article is to show a quick video with the simple steps to upgrade to the VMware VCSA 7.0U2d release. The process shows:
- the current version of the VMware VCSA
- checking the updates
- mounting the ISO Patch file
- running the upgrade to the latest version
Before proceeding, it is highly recommended to also take a backup of the VCSA database by following the steps in this article, for example by storing the VMware VCSA backup on a Synology NAS.
This is also my first attempt to learn and create a video with NLE tools!