OpenSLP vulnerabilities have been disclosed that affect ESXi. The possibility of exploitation can be removed by performing the steps detailed in this article.
I will show you a quick little snippet to disable SLP on the ESXi firewall in response to:
VMSA-2019-0022 (CVE-2019-5544), VMSA-2020-0023 (CVE-2020-3992) and VMSA-2021-0002 (CVE-2021-21974)
NOTE: I have NOT noticed any impact on VMware native functionality. Also, I have NOT noticed any impact on third-party tools like OMIVV; however, please test it first in your Dev environment to make sure it won’t break anything.
Let’s start by connecting to our VCs:
$vCenterServers = "your_vc_name","your_next_vc_name"
Disconnect-VIServer -Server * -Confirm:$false -ErrorAction SilentlyContinue
connect-viserver $vCenterServers
disconnect-viserver – I like to use it just to make sure I will not have duplicate sessions.
Let’s prepare our hosts. I am interested only in hosts that are connected and powered on, which includes hosts in maintenance mode:
$vmhosts = get-vmhost | where {$_.State -eq "Connected" -or $_.State -eq "Maintenance"}
Let’s execute the workaround:
foreach($v in $vmhosts){
    $esxcli = Get-EsxCli -VMHost $v -V2
    $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid='CIMSLP'})
    $esxcli.network.firewall.ruleset.set.Invoke(@{rulesetid='CIMSLP'; enabled=$false})
    $esxcli.network.firewall.refresh.Invoke()
}
Now let’s stop the SLP service and make sure the change survives a reboot:
$esxislpd = $vmhosts | Get-VMHostService | Where-Object {$_.Key -eq "slpd"}
$slpdon = $esxislpd | Where-Object {$_.Running}   # hosts where slpd is currently running
if ($slpdon) { $slpdon | Stop-VMHostService -Confirm:$false }
if ($esxislpd) { $esxislpd | Set-VMHostService -Policy "Off" -Confirm:$false }   # set on every host, running or not, so slpd stays off after a reboot
That is it.
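To confirm the workaround took effect, the following added example (not part of the original post) reports, per host, the CIMSLP firewall ruleset state and the slpd running state and startup policy. It assumes the PowerCLI session and the $vmhosts variable from the steps above; the function name Get-SlpWorkaroundStatus is hypothetical.

```powershell
# Added example: audit the SLP workaround state on each host.
# Assumes VMware PowerCLI is loaded and Connect-VIServer has already been run.
function Get-SlpWorkaroundStatus {
    param(
        [Parameter(Mandatory)]
        [object[]]$VMHost   # host objects, e.g. the $vmhosts collection built earlier
    )
    foreach ($h in $VMHost) {
        $esxcli  = Get-EsxCli -VMHost $h -V2
        $ruleset = $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = 'CIMSLP'})
        $slpd    = Get-VMHostService -VMHost $h | Where-Object { $_.Key -eq 'slpd' }

        # esxcli values may come back as strings, so normalise before comparing
        $fwEnabled = "$($ruleset.Enabled)" -eq 'true'
        $running   = [bool]$slpd.Running
        $policyOff = "$($slpd.Policy)" -eq 'off'

        [pscustomobject]@{
            VMHost         = $h.Name
            CimSlpRuleset  = if ($fwEnabled) { 'enabled' } else { 'disabled' }
            SlpdRunning    = $running
            SlpdPolicy     = $slpd.Policy
            # Done only when the ruleset is disabled, slpd is stopped and its policy is off.
            # A host where the slpd service is not found is reported as not done.
            WorkaroundDone = (-not $fwEnabled) -and (-not $running) -and $policyOff
        }
    }
}

$report = Get-SlpWorkaroundStatus -VMHost $vmhosts
$report | Sort-Object WorkaroundDone, VMHost | Format-Table -AutoSize

# Hosts that still need attention
$report | Where-Object { -not $_.WorkaroundDone } | Select-Object -ExpandProperty VMHost
```

Re-running this after a host reboot shows whether the slpd policy change persisted.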
If you need an explanation or have any questions related to this script, please do not hesitate to leave a comment.