VMware Cloud Community
sumann7
Contributor

Install python 2.7.12 for vCenter 6.5

Hello Team,

I have a customer who has upgraded vCenter from 6.0 to 6.5.

But the Python version is still 2.7.11, which has a vulnerability, as mentioned below.

  *Summary:*
  This host is running Cpython and is prone to man in middle attack and arbitrary code execution Vulnerabilities.

  *Insight:*
  The multiple flaws exist due to the smtplib library in CPython does not return an error when StartTLS fails and integer overflow error in the 'get_data' function in 'zipimport.c' script.

  *Impact:*
  Successful exploitation will allow man-in-the-middle attackers to bypass the TLS protections and remote attackers to cause buffer overflow.

  *Impact Level:* Application

  *Affected Software/OS:*
  Cpython before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 on Windows.

  *Vulnerability Detection Method:*
  Get the installed version with the help of detect NVT and check the version is vulnerable or not.

  Installed version: 2.7.11
  Fixed version: 2.7.12

I have done a test with a fresh installation of vCenter 6.5, and the vulnerability is gone since Python 2.7.12 is installed.

Now my question is: how do I install Python version 2.7.12 or upgrade the Python version from 2.7.11 to 2.7.12?

2 Replies
msripada
Virtuoso

What is the build number of the 6.5 vCenter, and have you installed the same version of vCenter on your machine as your customer?

Thanks,

MS

sumann7
Contributor

Hi,

Yes, it's the same build as 4602587.

Regards,

Suman
