VMware Cloud Community
mudireddy
Contributor
Contributor
Jump to solution

VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, C

Hi All,

 

VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)

 

Now what I need to do for this , My VC's are running in 6.5 and 6.7 windows based .Below are the vC version detail's with build number.

 

SO if I want to fix this vulnerabilities what all steps need to take as per below version and build number.

 

VMware vCenter Server 6.5.0 build-10964411 6.5

VMware vCenter Server 6.5.0 build-10964411 6.5

VMware vCenter Server 6.7.0 build-14368027 6/7/2003

Reply
0 Kudos
1 Solution

Accepted Solutions
VMAKS
VMware Employee
VMware Employee
Jump to solution

@mudireddy

 

Thank you for your post on VMware Communities.

 

Pertaining to CVE-2021-21972, CVE-2021-21973, CVE-2021-21974 please refer to the VMware KB for workaround and fixes: https://kb.vmware.com/s/article/82374?lang=en_US

 

Arun Kumar

Install Upgrade Specialist

"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)"

Regards,
Arun Kumar
Install Upgrade Specialist
"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)

View solution in original post

Reply
0 Kudos
7 Replies
fabio1975
Commander
Commander
Jump to solution

Ciao 

For vcenter 6.7 upgrade it to 6.7 U3l  or apply this workaround:

 

https://kb.vmware.com/s/article/82374

 

For vcenter 6.5 upgrade it to 6.5 U3n or apply this workaround:

https://kb.vmware.com/s/article/82374

 

More info in this link 

https://www.vmware.com/security/advisories/VMSA-2021-0002.html

 

Bye Fabio 

 

Fabio

Visit vmvirtual.blog
If you're satisfied give me a kudos

Reply
0 Kudos
mudireddy
Contributor
Contributor
Jump to solution

Hi Fabio,

 

Thank you for your reply , 

Kindly share me steps to upgrade windows vcenter 6.7   to 6.7 u3i

 

And kindly share for fixing same vulnerabilities fro esxi 6.5 and share me workaround link.

 

Thank you in advance.

 

regards,

Dinesh

Reply
0 Kudos
mudireddy
Contributor
Contributor
Jump to solution

3b. ESXi OpenSLP heap-overflow vulnerability (CVE-2021-21974)

 

The ESXi team has investigated these vulnerabilities and determined that the possibility of exploitation can be removed by performing the steps detailed in the resolution section of this article. This workaround is meant to be a temporary solution only and customers are advised to deploy the patches documented in the aforementioned VMSAs.

 

Did VMware released any specific patch to fix this vulnerability?

 

Below is the work around provided KB article provided by VMware .

 

DO I need to all steps until last 4th step , are ese I need perform until second step of first 2 points .

 

  1. Stop the SLP service on the ESXi host with this command:
/etc/init.d/slpd stop
 
 
Note: The SLP service can only be stopped when the service is not in use. Use the following command to view the operational state of Service Location Protocol Daemon:

esxcli system slp stats get
 

  1. Run the following command to disable the SLP service:
esxcli network firewall ruleset set -r CIMSLP -e 0
 
To make this change persist across reboots:

chkconfig slpd off

To check if the change is applied across reboots:

chkconfig --list | grep slpd

output: slpd off
 

To remove the workaround perform the following steps:

  1. Run the following command to enable the ruleset of SLP service:
esxcli network firewall ruleset set -r CIMSLP -e 1
  1. Run the following command to change the current startup information of slpd service:
chkconfig slpd on

Run the following command to check if the change is applied after running the above step (Step 2#):

chkconfig --list | grep slpd

output: slpd on

  1. Run the following command to start the SLP service:
/etc/init.d/slpd start
  1. Disable and enable the CIM agent, 

 

 

Reply
0 Kudos
VMAKS
VMware Employee
VMware Employee
Jump to solution

@mudireddy

 

Thank you for your post on VMware Communities.

 

Pertaining to CVE-2021-21972, CVE-2021-21973, CVE-2021-21974 please refer to the VMware KB for workaround and fixes: https://kb.vmware.com/s/article/82374?lang=en_US

 

Arun Kumar

Install Upgrade Specialist

"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)"

Regards,
Arun Kumar
Install Upgrade Specialist
"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)
Reply
0 Kudos
mudireddy
Contributor
Contributor
Jump to solution

Hi , 

To which patch I need to install my esxi host , below are the ESXI version and build currently in use , What is the best practice to fix this.

VMware ESXi 6.5.0 build-13635690

VMware ESXi 6.5.0 build-15256549

VMware ESXi 6.5.0 build-15177306
VMware ESXi 6.5.0 build-10884925
VMware ESXi 6.5.0 build-10719125
VMware ESXi 6.5.0 build-10175896
VMware ESXi 6.5.0 build-16576891
VMware ESXi 6.5.0 build-4564106
VMware ESXi 6.5.0 build-6765664
VMware ESXi 6.5.0 build-7388607
VMware ESXi 6.5.0 build-8294253

 

Regards,

Dinesh

mudireddy.d@infosys.com

 

Reply
0 Kudos
mudireddy
Contributor
Contributor
Jump to solution

Hi Arun,

 

If possible can you call me for 5min.

I have few doubts regarding ESXI workaround task , Getting bit confused while doing workaround task on esxi level.

Regards,

Mudireddy dinesh

+91 6309818644

 

 

Reply
0 Kudos
VMAKS
VMware Employee
VMware Employee
Jump to solution

@mudireddy 

 

Thank you for your reply.

Please let me know your concerns here on the VMware Communities.

If you want to discuss on a call, please log a new case with VMware Support.

Regards,
Arun Kumar
Install Upgrade Specialist
"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)
Reply
0 Kudos