CVE-2021-22010

7.5 HIGH

📋 TL;DR

This vulnerability in VMware vCenter Server allows attackers with network access to port 443 to trigger excessive memory consumption in the VPXD service, causing a denial-of-service condition. It affects organizations running vulnerable vCenter Server instances, potentially disrupting virtual infrastructure management.

💻 Affected Systems

Products:
  • VMware vCenter Server
Versions: vCenter Server 6.5, 6.7, and 7.0 before the fixed releases listed under Official Fix (6.5 U3n, 6.7 U3o, 7.0 U2c)
Operating Systems: vCenter Server Appliance (VCSA) and Windows versions
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both vCenter Server Appliance (VCSA) and Windows-based deployments. Port 443 must be accessible for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete unavailability of vCenter Server management interface, disrupting VM operations, migrations, and administrative functions across the virtual infrastructure.

🟠 Likely Case

Degraded performance or temporary unavailability of vCenter Server management console, requiring service restart to recover.

🟢 If Mitigated

Minimal impact if network access is restricted and monitoring detects abnormal memory consumption patterns early.

🌐 Internet-Facing: HIGH - Directly exposed vCenter instances are vulnerable to DoS attacks from any internet source.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit this to disrupt virtual infrastructure management.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No authentication required - network access to port 443 is sufficient. The vulnerability is straightforward to exploit for DoS purposes.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: vCenter Server 6.5 U3n, 6.7 U3o, 7.0 U2c or later

Vendor Advisory: https://www.vmware.com/security/advisories/VMSA-2021-0020.html

Restart Required: Yes

Instructions:

1. Download the appropriate patch from the VMware portal.
2. Back up vCenter Server.
3. Apply the patch using the vCenter Server Update Planner.
4. Restart vCenter Server services.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all)

Restrict network access to vCenter Server port 443 to trusted management networks only.

Load Balancer Rate Limiting (applies to: all)

Configure rate limiting on load balancers or firewalls in front of vCenter Server.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to vCenter Server management interface
  • Deploy monitoring for abnormal memory consumption patterns in VPXD service

🔍 How to Verify

Check if Vulnerable:

Check vCenter Server version against affected versions in VMSA-2021-0020 advisory

Check Version:

On vCenter Server Appliance: grep 'VMware vCenter Server' /etc/vmware-vpx/version

Verify Fix Applied:

Verify vCenter Server version is 6.5 U3n, 6.7 U3o, 7.0 U2c or later

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory consumption spikes in VPXD service logs
  • Multiple connection attempts to port 443 from single sources

Network Indicators:

  • High volume of requests to vCenter Server port 443
  • Abnormal traffic patterns to VPXD service endpoints

SIEM Query:

source="vcenter.log" AND (("VPXD" AND "memory" AND "high") OR ("port 443" AND "excessive connections"))
