Cisco drives that operate for 40k hours will cease to function

Cisco just announced a new Field notice regarding Defect ID CSCvt55829 which is an industry wide firmware index bug.

Under normal operation, after 40,000 power-on hours (4.5 years), the SSD will report that 0 GB of available storage space remains. The drive will go offline and become unusable.

These drives were used in the following C-Series products and there is a firmware upgrade to resolve the issue.  For more information you can go to the Field Notice FN – 70545.

 

UCS Manager based B and C-Series Software Release Software Downloads
Release 4.1(1c) and later

VMware code execution flaw CVE-2021-21972

There is a newly disclosed code-execution vulnerability in VMware vCenter.  VMware was quick to release a patch (within a day) and it can be found here.

The severity of this vulnerability as well as the fact that there are exploits available for both Windows and Linux servers, kicked off a flurry of mass scanning for vulnerable vCenter Servers.

Code execution, no authorization required

CVE-2021-21972 allows hacker with no authorization to upload files to vulnerable vCenter servers that are publicly accessible over port 443, researchers from security firm Tenable said. Successful exploits will result in hackers gaining unfettered remote code-execution privileges in the underlying operating system. The vulnerability stems from a lack of authentication in the vRealize Operations plugin, which is installed by default.

The flaw has received a severity score of 9.8 out of 10.0 on the Common Vulnerability Scoring System Version 3.0. Mikhail Klyuchnikov, the Positive Technologies researcher who discovered the vulnerability and privately reported it to VMware, compared the risk posed by CVE-2021-21972 to that of CVE-2019-19781, a critical vulnerability in the Citrix Application Delivery Controller