Highlighted
Contributor
Contributor

PowerCLI - Workaround for OpenSLP security vulnerability in ESXi 6.x (CVE-2019-5544) / VMSA-2019-0022

Hi!

I wonder if anyone already wrote script to implement workaround for OpenSLP security vulnerability in ESXi 6.x (CVE-2019-5544) / VMSA-2019-0022 ?
One to apply:
VMware Knowledge Base ?

I have asked VMware support same question but have not got any useful answer yet.

3 Replies
Highlighted
VMware Employee
VMware Employee

Moderator: Moved to PowerCLI


Forum Usage Guidelines: https://communities.vmware.com/docs/DOC-12286
VMware Training & Certification blog: http://vmwaretraining.blogspot.com
0 Kudos
Highlighted
User Moderator
User Moderator

If you are allowed to enable SSH briefly and if you have installed/can install the Posh-SSH module, you could do

$esxName = 'MyEsx'

$esx = Get-VMHost -Name $esxName


$cmdsub = @'

/etc/init.d/slpd stop;

/etc/init.d/slpd status;

esxcli network firewall ruleset set -r CIMSLP -e 0;

chkconfig slpd off;

chkconfig --list | grep slpd;

'@


$secPswd = ConvertTo-SecureString 'Welcome2019!' -AsPlainText -Force

$cred = New-Object System.Management.Automation.PSCredential ('root', $secPswd)


Get-VMHostService -VMHost $esx | where{$_.Key -eq 'TSM-SSH'} | Start-VMHostService -Confirm:$false | Out-Null


$session = New-SSHSession -ComputerName $esx.Name -Credential $cred –AcceptKey

Invoke-SSHCommand -SSHSession $session -Command $cmdSub | Select -ExpandProperty Output

Remove-SSHSession -SSHSession $session | Out-Null


Get-VMHostService -VMHost $esx | where{$_.Key -eq 'TSM-SSH'} | Stop-VMHostService -Confirm:$false | Out-Null


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Highlighted
Enthusiast
Enthusiast

Thanks, this script worked as advertised. 

0 Kudos