Highlighted
Hot Shot
Hot Shot

Do we need the SLP Service on Port 427

Jump to solution

Hi,

our penetration test team criticizes a running SLP Service on Port 427 tcp/udp on all our ESXi hosts 5.0 (HP380G6-G8).

Does someone know if this Service is needed on a standard ESXi host connectet to a vCenter (maby for the hardware tab)?

We are NOT running any third party tools to monitor the hosts (HP agent e.g). But we have installed the CIM Provider for the vCenter integration.

Just closing "CIM SLP" via firewall rules did not bring up any problems promptly as far as I see, but I want to be really sure.

Any help would be appreciated.

Chris

21 Replies
Highlighted
Enthusiast
Enthusiast

This thread has become more important because of the newly announced vulnerabilities this month.

links to VMware advisories:

https://www.vmware.com/security/advisories/VMSA-2019-0022.html

https://www.vmware.com/security/advisories/VMSA-2020-0023.html

and workaround:

https://kb.vmware.com/s/article/76372

Does anyone have an update?

 

Disabling CIM because of the SLP vulnerablity (workaround) has what impacts on ESXi monitoring/management operations?

0 Kudos
Highlighted
Enthusiast
Enthusiast

Our organization implemented the CIMSLP workaround without any adverse impacts. We are proceeding with patching and will remove the workaround when that's complete. Since we noted no downside to disabling SLPd on the ESXi hosts, we wonder what value it actually provides. Perhaps we do not use the orchestrator/automation that might otherwise use it.

0 Kudos