MatthewTek
Contributor

VMware has issued an advisory stating that a vSAN plugin (enabled by default in vCenter) allows remo

Hi Guys,

Can anyone confirm this vulnerability? VMware has issued an advisory stating that a vSAN plugin (enabled by default in vCenter) allows remote code execution to any attacker hitting port 443. As mentioned in this ZDNet article, the severity level of this vulnerability is considered critical, and VMware has strongly urged any users with vCenter servers on versions 6.5, 6.7, or 7.0 to update immediately or, at the very least, to disable any vCenter Server plugins.

Does this affect ESXi 6.5 ?

https://kb.vmware.com/s/article/83829

Sreec
VMware Employee

Well, this vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of whether you use vSAN or not. It's not an ESXi vulnerability. You can see the impacted products in https://www.vmware.com/security/advisories/VMSA-2021-0010.html; also do check https://blogs.vmware.com/vsphere/2021/05/vmsa-2021-0010.html

Cheers,
Sree | CKA|CKAD|VCIX-3X| VCAP-4X| VExpert 5x
Jimmy15
Enthusiast

This vulnerability is for the VCSA, so if the VCSA is compromised, any ESXi version (i.e. 6.5) will also carry risk.

Many times you can't see the vSAN or vROPs plug-ins in the VCSA UI, but they will appear in compatibility-matrix.xml (since they are integrated by default).
regards

MatthewTek
Contributor

Hi Sree,
I tried to follow these steps but get an error that the path can't be found in steps 2 and 3. Can you perhaps provide the correct command to use on ESXi 6.5, please?

  1. Connect to the vCSA using an SSH session and root credentials.
  2. Back up the /etc/vmware/vsphere-ui/compatibility-matrix.xml file:
     cp -v /etc/vmware/vsphere-ui/compatibility-matrix.xml /etc/vmware/vsphere-ui/compatibility-matrix.xml.backup
  3. Open the compatibility-matrix.xml file in a text editor:
     vi /etc/vmware/vsphere-ui/compatibility-matrix.xml

Note: Content of an unedited file should look similar to the following:

  4. To disable all plugins with disclosed vulnerabilities, add the following lines as shown below:
Note: These entries should be added between the --> and <!-- entries highlighted above.

<PluginPackage id="com.vmware.vrops.install" status="incompatible"/>
<PluginPackage id="com.vmware.vsphere.client.h5vsan" status="incompatible"/>
<PluginPackage id="com.vmware.vrUi" status="incompatible"/>
<PluginPackage id="com.vmware.vum.client" status="incompatible"/>
<PluginPackage id="com.vmware.h4.vsphere.client" status="incompatible"/>
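As an added example (not the KB's or this thread's own script), here is a POSIX sh function that applies the five entries above to a compatibility-matrix.xml file with a backup and a verification step; it takes the file path as its argument, so the same call works whichever client directory the appliance uses. It assumes the entries belong right after the first `-->` line (as the KB note says) and uses a constructed sample file in place of a real one.

```shell
#!/bin/sh
# Added example, not from the KB or this thread. Applies the five KB 83829
# entries to a compatibility-matrix.xml file, keeping a backup and verifying
# the result. Assumption: the entries belong right after the first line that
# closes the leading comment block ("-->"), as the KB note describes.

PLUGIN_IDS="com.vmware.vrops.install
com.vmware.vsphere.client.h5vsan
com.vmware.vrUi
com.vmware.vum.client
com.vmware.h4.vsphere.client"

# verify_plugins FILE: 0 if every id is present with status="incompatible"
verify_plugins() {
    for id in $PLUGIN_IDS; do
        grep -q "<PluginPackage id=\"$id\" status=\"incompatible\"/>" "$1" || return 1
    done
    return 0
}

# disable_plugins FILE: back FILE up, insert the missing entries once, then verify
disable_plugins() {
    f="$1"
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    cp -v "$f" "$f.backup" >/dev/null || return 1
    block=""
    for id in $PLUGIN_IDS; do
        # idempotent: do not add an entry that is already there
        grep -q "<PluginPackage id=\"$id\" status=\"incompatible\"/>" "$f" && continue
        block="$block<PluginPackage id=\"$id\" status=\"incompatible\"/>\n"
    done
    [ -n "$block" ] || return 0
    # awk expands the \n escapes in -v values; insert after the first "-->" line only
    # (a file with no "-->" line is left unchanged and verification then fails).
    awk -v blk="$block" '{ print } !done && /-->/ { printf "%s", blk; done = 1 }' \
        "$f" > "$f.tmp" && mv "$f.tmp" "$f" || return 1
    verify_plugins "$f"
}

# make_sample FILE: write a constructed stand-in for the unedited file (offline test)
make_sample() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<Matrix>
  <pluginsCompatibility>
    <!-- constructed sample: plugin entries go after this comment -->
  </pluginsCompatibility>
</Matrix>
EOF
}
```

Run `disable_plugins /path/to/compatibility-matrix.xml` on a copy first and diff it against the `.backup` to confirm only the five lines were added.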
Jimmy15
Enthusiast

The short answer is

/etc/vmware/vsphere-client

Details are in the link below.

https://vdc-repo.vmware.com/vmwb-repository/dcr-public/a6383b70-f20e-4f68-be41-65d98a7c6778/15f8dafb...


regards
