HCX - Instructions to address CVE-2021-44228 and CVE-2021-45046 in HCX Connector or Cloud Manager


Article ID: 328970


Updated On:

Products

VMware HCX

Issue/Introduction

CVE-2021-44228 and CVE-2021-45046 have been determined to impact HCX Connector or Cloud Manager via the Apache Log4j open-source component. This vulnerability and its impact on VMware products are documented in the following VMware Security Advisory (VMSA). Review this document before continuing:

•    CVE-2021-44228 – VMSA-2021-0028

Symptoms:
Security vulnerabilities affecting the following HCX versions:
  • 4.0.1 & 4.0.2
  • 4.1.x
  • 4.2.x
Versions 4.0.0 and older are not susceptible to these vulnerabilities.
Version 4.3.0 is NOT affected by these vulnerabilities.

Cause

A known vulnerability in the Apache Log4j component in the HCX Connector or Cloud Manager.

Service Mesh appliances IX, NE, and WANOpt are not susceptible to this vulnerability.

The HCX vCenter plug-in is not susceptible to this vulnerability but depends on vCenter libraries. See Related Information section.

Resolution

The following versions address security vulnerabilities CVE-2021-44228 and CVE-2021-45046:

HCX Connector or Cloud Manager running 4.2.x must be upgraded to Security Update 4.2.4
(Build Numbers: Connector 4.2.4.0.19079282 and Cloud Manager 4.2.4.0.19079282)
Service Mesh appliances do not require upgrade.
Refer to HCX 4.2.4 Release Notes for details.

HCX Connector or Cloud Manager running 4.1.x must be upgraded to Security Update 4.1.0.3
(Build Numbers: Connector 4.1.0.19079015 and Cloud Manager 4.1.0.19079014)
Service Mesh appliances do not require upgrade.
Refer to HCX 4.1.0.3 Release Notes for details.

HCX Connector or Cloud Manager running 4.0.x must be upgraded to the latest Security Update 4.2.4
(Build Numbers: Connector 4.2.4.0.19079282 and Cloud Manager 4.2.4.0.19079282)
Service Mesh appliances should be upgraded per general recommendations, but that may be deferred if necessary.
Refer to HCX 4.2.4 Release Notes for details.

HCX Connector or Cloud Manager running R147 or older releases must be upgraded to 4.2.4 per support requirements. Refer to HCX Release Notes for upgrade availability and restrictions for out of support versions.

Workaround:
There is NO workaround available.

Additional Information

Refer to KB 86169 for instructions on how to secure HCX Cloud Manager in a VMware Cloud on AWS SDDC.

Contact your Cloud Provider for instructions on how to restrict internet access to the HCX Cloud Manager in your SDDC.

The HCX plug-in may use the Log4j library in vCenter, so refer to KB 87081 for instructions on how to address this vulnerability in vCenter.

Impact/Risks:
Refer to HCX User Guide - Updating VMware HCX for instructions and considerations when upgrading HCX Connector or Cloud Manager.