
[Security Update] VMware Apache Log4j Remote Code Execution Vulnerability

JuneJoon 2021. 12. 12. 19:54

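VMware has published its product response guidance for the Apache Log4j Remote Code Execution vulnerability (CVE-2021-44228), which is currently a major issue. Details differ by product line, but a workaround that can be applied ahead of the patch is provided for each product line. The product lines currently listed as affected are as follows.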

 

Source: VMware

 

Impacted Products (Under Evaluation)
  • VMware Horizon
  • VMware vCenter Server
  • VMware HCX
  • VMware NSX-T Data Center
  • VMware Unified Access Gateway
  • VMware WorkspaceOne Access
  • VMware Identity Manager 
  • VMware vRealize Operations
  • VMware vRealize Operations Cloud Proxy
  • VMware vRealize Log Insight
  • VMware vRealize Automation
  • VMware vRealize Lifecycle Manager
  • VMware Telco Cloud Automation
  • VMware Site Recovery Manager
  • VMware Carbon Black Cloud Workload Appliance
  • VMware Carbon Black EDR Server
  • VMware Tanzu GemFire
  • VMware Tanzu Greenplum
  • VMware Tanzu Operations Manager
  • VMware Tanzu Application Service for VMs
  • VMware Tanzu Kubernetes Grid Integrated Edition
  • VMware Tanzu Observability by Wavefront Nozzle
  • Healthwatch for Tanzu Application Service
  • Spring Cloud Services for VMware Tanzu
  • Spring Cloud Gateway for VMware Tanzu
  • Spring Cloud Gateway for Kubernetes
  • API Portal for VMware Tanzu
  • Single Sign-On for VMware Tanzu Application Service
  • App Metrics
  • VMware vCenter Cloud Gateway
  • VMware Tanzu SQL with MySQL for VMs
  • VMware vRealize Orchestrator
  • VMware Cloud Foundation
  • VMware Workspace ONE Access Connector
  • VMware Horizon DaaS
  • (Additional products will be added)

 

 

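As of now, the fix patches are marked with a Pending status, and as mentioned above, VMware is providing per-product workarounds that block log4j's lookup.
Please refer to the workarounds in the sheet below and to the original advisory at the link above.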

 

Response Matrix:

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
VMware Horizon
8.x, 7.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware vCenter Server
7.x, 6.x
Virtual Appliance
CVE-2021-44228
Critical
 
Patch Pending
None
VMware vCenter Server
6.x
Windows
CVE-2021-44228
Critical
 
Patch Pending
Workaround Pending
None
VMware HCX
4.x, 3.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware NSX-T Data Center
3.x, 2.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware Unified Access Gateway
21.x, 20.x, 3.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware Workspace ONE Access
21.x, 20.10.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware Identity Manager
3.3.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware vRealize Operations
8.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware vRealize Operations Cloud Proxy
Any
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware vRealize Log Insight
8.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware vRealize Automation
8.x, 7.x
Any
CVE-2021-44228
Critical
 
Patch Pending
Workaround Pending
None
VMware vRealize Lifecycle Manager
8.x
Any
CVE-2021-44228
Critical
 
Patch Pending
Workaround Pending
None
VMware Telco Cloud Automation
2.x, 1.x
Any
CVE-2021-44228
Critical
 
Patch Pending
Workaround Pending
None
VMware Carbon Black Cloud Workload Appliance
1.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware Carbon Black EDR Server
7.x, 6.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware Site Recovery Manager
8.x
Any
CVE-2021-44228
Critical
 
Patch Pending
Workaround Pending
None
VMware Tanzu GemFire
9.x, 8.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware Tanzu Greenplum
6.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware Tanzu Operations Manager
2.x
Any
CVE-2021-44228
Critical
 
None
VMware Tanzu Application Service for VMs
2.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware Tanzu Kubernetes Grid Integrated Edition
1.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware Tanzu Observability by Wavefront Nozzle
3.x, 2.x
Any
CVE-2021-44228
Critical
 
None
None
Healthwatch for Tanzu Application Service
2.x, 1.x
Any
CVE-2021-44228
Critical
 
None
None
Spring Cloud Services for VMware Tanzu
3.x
Any
CVE-2021-44228
Critical
 
Patch Pending
Workaround Pending
None
Spring Cloud Gateway for VMware Tanzu
1.x
Any
CVE-2021-44228
Critical
 
Patch Pending
Workaround Pending
None
Spring Cloud Gateway for Kubernetes
1.x
Any
CVE-2021-44228
Critical
 
Patch Pending
Workaround Pending
None
API Portal for VMware Tanzu
1.x
Any
CVE-2021-44228
Critical
 
Patch Pending
Workaround Pending
None
Single Sign-On for VMware Tanzu Application Service
1.x
Any
CVE-2021-44228
Critical
 
Patch Pending
Workaround Pending
None
App Metrics
2.x
Any
CVE-2021-44228
Critical
 
None
None
VMware vCenter Cloud Gateway
1.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware Tanzu SQL with MySQL for VMs
2.x, 1.x
Any
CVE-2021-44228
Critical
 
Patch Pending
Workaround Pending
None
VMware vRealize Orchestrator
8.x, 7.x
Any
CVE-2021-44228
Critical
 
Patch Pending
Workaround Pending
None
VMware Cloud Foundation
4.x, 3.x
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware Workspace ONE Access Connector (VMware Identity Manager Connector)
21.x, 20.10.x, 19.03.0.1
Any
CVE-2021-44228
Critical
 
Patch Pending
None
VMware Horizon DaaS
9.1.x, 9.0.x
Any
CVE-2021-44228
Critical
 
Patch Pending
Workaround Pending
None

Because the log4j utility is so widely used, quite a lot of VMware product lines are affected... Fortunately, ESXi is not among them.

(You can check the product lines that are not affected here.)

If an affected product is exposed on a public network that anyone can reach, I recommend remediating it promptly.

I plan to go through the workarounds for the product lines I am interested in as advance preparation and post about them.

 

Update 12/14

A script for applying the workaround on vCenter Server Appliance has been provided.

 

 

 

It looks like December is going to be a rough month for everyone -.-;

See you in the next post.

Thank you.
