VMware Networking Community
MatthewTek
Contributor

VMware has issued an advisory stating that a vSAN plugin (enabled by default in vCenter) allows remo

Hi Guys,

Can anyone confirm the vulnerability for which VMware has issued an advisory stating that a vSAN plugin (enabled by default in vCenter) allows remote code execution to any attacker hitting port 443? As mentioned in this ZDNet article, the severity level of this vulnerability is considered critical, and VMware has strongly urged any users with vCenter servers on versions 6.5, 6.7, or 7.0 to update immediately or, at the very least, to disable any vCenter Server Plugins.

Does this affect ESXi 6.5 ?

https://kb.vmware.com/s/article/83829

Sreec
VMware Employee

Well, this vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of whether you use vSAN or not. It's not an ESXi vulnerability. You can see the impacted products in https://www.vmware.com/security/advisories/VMSA-2021-0010.html and also check https://blogs.vmware.com/vsphere/2021/05/vmsa-2021-0010.html

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
Jimmy15
Enthusiast

This vulnerability is for VCSA... so if VCSA is compromised, any ESXi (i.e. 6.5) will also carry risk.

Many times you can't see the vSAN or vROps plug-ins in the VCSA UI, but they will appear in compatibility-matrix.xml (since they are integrated by default).

regards



PS: Mark kudos or correct answer as appropriate 🙂
MatthewTek
Contributor

Hi Sree,

 

I tried to follow these steps but get an error that the path can't be found in steps 2 and 3. Can you perhaps provide the correct command to use in ESXi 6.5, please?

  1. Connect to the vCSA using an SSH session and root credentials.
  2. Backup the /etc/vmware/vsphere-ui/compatibility-matrix.xml file:
     cp -v /etc/vmware/vsphere-ui/compatibility-matrix.xml /etc/vmware/vsphere-ui/compatibility-matrix.xml.backup
  3. Open the compatibility-matrix.xml file in a text editor:
     vi /etc/vmware/vsphere-ui/compatibility-matrix.xml

Note: Content of an unedited file should look similar to the following:

  4. To disable all plugins with disclosed vulnerabilities, add the following lines as shown below:
Note: These entries should be added between the --> and <!-- entries highlighted above.

<PluginPackage id="com.vmware.vrops.install" status="incompatible"/>
<PluginPackage id="com.vmware.vsphere.client.h5vsan" status="incompatible"/>
<PluginPackage id="com.vmware.vrUi" status="incompatible"/>
<PluginPackage id="com.vmware.vum.client" status="incompatible"/>
<PluginPackage id="com.vmware.h4.vsphere.client" status="incompatible"/>
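A read-only check for the workaround steps quoted in the post above, added here as an example that is not part of the original thread or of VMware's KB article. It reports which of the five plugin ids have no active status="incompatible" entry and ignores entries left inside XML comments. The function names, the sample XML layout and the choice to look in both directories mentioned in the thread are assumptions.

```python
import io
import os
import xml.etree.ElementTree as ET

# Plugin ids exactly as quoted in the workaround steps above.
PLUGIN_IDS = [
    "com.vmware.vrops.install", "com.vmware.vsphere.client.h5vsan",
    "com.vmware.vrUi", "com.vmware.vum.client", "com.vmware.h4.vsphere.client",
]
# Both directories named in the thread; they belong to vCenter, not ESXi.
CANDIDATE_FILES = ["/etc/vmware/%s/compatibility-matrix.xml" % d
                   for d in ("vsphere-ui", "vsphere-client")]

# Constructed sample; the element layout is an assumption, not a real vCSA file.
SAMPLE = """<Matrix>
  <pluginsCompatibility>
    <!--
    <PluginPackage id="com.vmware.vum.client" status="incompatible"/>
    -->
    <PluginPackage id="com.vmware.vrops.install" status="incompatible"/>
    <PluginPackage id="com.vmware.vsphere.client.h5vsan" status="incompatible"/>
  </pluginsCompatibility>
</Matrix>
"""

def plugins_not_disabled(source):
    """Return the listed plugin ids with no active status="incompatible" entry."""
    # ElementTree discards XML comments, so an entry pasted inside a
    # <!-- ... --> block is reported as not disabled.
    root = ET.parse(source).getroot()
    disabled = {el.get("id") for el in root.iter("PluginPackage")
                if el.get("status") == "incompatible"}
    return [pid for pid in PLUGIN_IDS if pid not in disabled]

def audit(paths=CANDIDATE_FILES):
    """Check every matrix file that exists; an empty dict means none was found."""
    return {p: plugins_not_disabled(p) for p in paths if os.path.isfile(p)}

def demo():
    """Run the check on the constructed sample instead of a live appliance."""
    return plugins_not_disabled(io.StringIO(SAMPLE))

if __name__ == "__main__":
    print("sample:", demo())
    results = audit()
    if not results:
        print("no compatibility-matrix.xml at the paths named in the thread")
    for path, enabled in results.items():
        print(path, "->", enabled or "all listed plugins marked incompatible")
```

An empty result from `audit()` means neither path exists on the machine where it was run, which is the situation the "path can't be found" error in this thread describes.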
Jimmy15
Enthusiast

short answer is

/etc/vmware/vsphere-client

Details are in the link below

https://vdc-repo.vmware.com/vmwb-repository/dcr-public/a6383b70-f20e-4f68-be41-65d98a7c6778/15f8dafb...


regards



PS: Mark kudos or correct answer as appropriate 🙂
MatthewTek
Contributor

Hi Guys,

Does this affect the ESXi hypervisor? I do not see any directory starting with vsphere under /etc/vmware/. Please see below the ls of /etc/vmware/:

[root@VMHOST:/etc/vmware] ls
BootbankFunctions.sh lockdown.conf ssl
autodeploy locker.conf support
config logfilters system-users.conf
configrules lunTimestamps.log system_fips
default.map.d nas uidmap.json
defaultconfigrules oem.map.d usb.ids
driver.map.d oem.xml usbarb.rules
dvsdata.db passthru.map vm-support
esx.conf pci.ids vmfs
firewall pciid vmkiscsid
hostd rabbitmqproxy vmware.lic
icu rhttpproxy vmwauth
ihv.map.d secpolicy vpxa
ima_plugin.conf service vsan
iofilters settings vvold
license.cfg smart_plugin.conf weasel
localsas snmp.xml welcome
lockdown snmp_boots.txt
[root@VMHOST:/etc/vmware]
