Our penetration test team criticizes a running SLP service on port 427 tcp/udp on all our ESXi 5.0 hosts (HP380G6-G8).
Does someone know if this service is needed on a standard ESXi host connected to a vCenter (maybe for the hardware tab)?
We are NOT running any third-party tools to monitor the hosts (e.g. HP agent). But we have installed the CIM Provider for the vCenter integration.
Just closing "CIM SLP" via firewall rules did not bring up any problems promptly as far as I see, but I want to be really sure.
Any help would be appreciated.
This thread has become more important because of the newly announced vulnerabilities this month.
links to VMware advisories:
Does anyone have an update?
Disabling CIM because of the SLP vulnerability (workaround) has what impacts on ESXi monitoring/management operations?
Our organization implemented the CIMSLP workaround without any adverse impacts. We are proceeding with patching and will remove the workaround when that's complete. Since we noted no downside to disabling SLPd on the ESXi hosts, we wonder what value it actually provides. Perhaps we do not use the orchestrator/automation that might otherwise use it.
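The thread mentions two states: closing only the "CIM SLP" firewall rule, and the full CIMSLP workaround. The following is an added example, not from any poster or from VMware, that classifies a host from captured output of `esxcli network firewall ruleset list` and `chkconfig --list`. It assumes the workaround means the CIMSLP ruleset is disabled and slpd is off at boot; the sample output and the names `state_of` and `slp_verdict` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample output. The two-column layout is assumed to match
# `esxcli network firewall ruleset list` and `chkconfig --list` on ESXi.
SAMPLE_RULESETS='Name                Enabled
------------------  -------
sshServer              true
CIMSLP                 true
vSphereClient          true'

SAMPLE_SERVICES='ntpd                    on
slpd                    on
sfcbd-watchdog          on'

# state_of NAME TEXT: print column 2 of the row whose column 1 is NAME,
# or "missing" when no such row exists.
state_of() {
    printf '%s\n' "$2" | awk -v n="$1" '
        $1 == n { print $2; hit = 1; exit }
        END     { if (!hit) print "missing" }'
}

# slp_verdict RULESETS SERVICES: summarise SLP exposure for one host.
# chkconfig reports the boot-time setting only, so a host that shows
# "off" may still have slpd running until it is stopped or rebooted.
slp_verdict() {
    fw=$(state_of CIMSLP "$1")
    svc=$(state_of slpd "$2")
    case "$fw/$svc" in
        false/off) echo "mitigated" ;;
        true/off)  echo "partial: slpd off at boot, CIMSLP ruleset still open" ;;
        false/on)  echo "partial: CIMSLP ruleset closed, slpd still starts at boot" ;;
        true/on)   echo "exposed: slpd enabled and CIMSLP ruleset open" ;;
        *)         echo "unknown: CIMSLP=$fw slpd=$svc" ;;
    esac
}

# Run against the constructed sample.
slp_verdict "$SAMPLE_RULESETS" "$SAMPLE_SERVICES"
```

On a live host the two arguments would be the real command output, for example `slp_verdict "$(esxcli network firewall ruleset list)" "$(chkconfig --list)"`.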