Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

IDPA: Steps to mitigate VMSA-2021-0010 (CVE-2021-21985, CVE-2021-21986) and VMSA-2021-0020 on IDPA vCenter for versions 2.5 and 2.6.x

Summary: Steps to mitigate VMSA-2021-0010 (CVE-2021-21985, CVE-2021-21986) and VMSA-2021-0010 on IDPA vCenter for versions 2.5 and 2.6.x.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content


Instructions

Impact Assessment:
  • Functionality impacts are limited to IDPA Internal vCenter during the implementation of remediation procedure.
  • No impact to customer backups, replications, and restore functionality.
  • IDPA Internal VM (ACM, DPA, and so on) backups get impacted if they are running during the implementation of this procedure.
Important Note:
An automated procedure has been provided and can be run from the ACM.
Note:
Dell EMC has released a new cumulative automated vCenter patch utility for versions 2.5, and 2.6.x which provides remediation for VMSA-2021-0010 and VMSA-2021-0020. 

Download:

Option 1:
Direct link 
Note: User must be logged into Dell Support with their service account in order to download the utility. 

Option 2: Download via Product Page Link
Product page

Steps
Note: 
Extract or unzip the vc-patch-2.0.0.zip file and follow the instructions below. 
  1. Copy the "vc-patch-2.0.0.jar" to "/data01" folder on Appliance Configuration Manager using an SCP client like WinSCP. SSH to ACM using an SSH client such as PuTTY using root and appliance password. Go to /data01 folder using "cd /data01" command.
  1. Check sha256 sum of the file "vc-patch-2.0.0.jar" and ensure it matches with sha256sum provided in "vc-patch-2.0.0.jar.sha256" file.
 
  1. Run "java -jar vc-patch-2.0.0.jar." The patch performs prechecks and applies the vCenter patch on IDPA vCenter. 
  1. Delete "vc-patch-2.0.0.jar" from "/data01" folder on ACM after successful execution using command "rm vc-patch-2.0.0.jar."
  1. Hit the vCenter IP in browser (like Chrome). Log in to vCenter HTML5 UI using root and password as appliance password. Click Help About VMware vSphere. You should see the following version.
VMware vSphere version
  1. If the manual workaround to mitigate this VMSA was applied previously on IDPA 2.5 or 2.6.x, then revert the workaround steps after applying this patch. Steps to revert mitigation are present in the same mitigation KB "VMSA-2021-0010 in vCenter mitigation for IDPA 2.5 and 2.6.x_csp.docx" attached.
 

Article Properties


Product

PowerProtect Data Protection Appliance

Last Published Date

01 Sep 2023

Version

25

Article Type

How To