Additional step for vCenter Server CVE-2021-44228 and CVE-2021-45046 workaround.

VMware has just updated its KB with an additional step that must be run even if the workaround has already been applied. This additional step removes all JndiLookup classes, per Apache Software Foundation guidance.

This step has been automated by the script remove_log4j_class.py.

NOTE: If you have already completed the steps in this article or used the original script in KB 87088, you must still run the remove_log4j_class.py script on your previously remediated vCenter.

NOTE: You MUST also run the remove_log4j_class.py script after using this Python script to fully remediate a vCenter Server or PSC.

RUN LIST:

  1. Take a backup of your vCenter.
  2. Download the script remove_log4j_class.py. NOTE: This is the official VMware script, and the link points to the VMware repo.
  3. Log in to the vCSA using an SSH client (PuTTY or any similar SSH client).
  4. Transfer the file to the /tmp folder on the vCenter Server Appliance using WinSCP.

NOTE: It’s necessary to enable the bash shell before WinSCP will work.

  5. Go to the /tmp folder.
  6. Run this command to execute the script:
python remove_log4j_class.py

NOTE: The script will stop all vCenter services, remove JndiLookup.class from all jar files on the appliance, and finally start all vCenter services. The files that the script modifies will be reported as “VULNERABLE FILE” as the script runs.
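
A read-only check to run after the script has finished, added here as an example (it is not VMware's script and not part of the KB): it walks a directory tree and reports every archive that still contains JndiLookup.class, including jars nested inside other archives. The function names, the list of archive extensions and the use of Python 3.6 or later are assumptions.

```python
import io
import os
import sys
import zipfile
import zlib

TARGET = "JndiLookup.class"             # class the workaround removes
ARCHIVE_EXT = (".jar", ".war", ".ear")  # assumption: archive types worth checking


def scan_archive(fileobj, label):
    """Return a label for every JndiLookup.class entry, descending into nested archives."""
    hits = []
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for name in zf.namelist():
                if name == TARGET or name.endswith("/" + TARGET):
                    hits.append(f"{label}!{name}")
                elif name.lower().endswith(ARCHIVE_EXT):
                    # Nested archive: read it into memory and scan it the same way.
                    nested = io.BytesIO(zf.read(name))
                    hits.extend(scan_archive(nested, f"{label}!{name}"))
    except (zipfile.BadZipFile, OSError, RuntimeError, zlib.error) as exc:
        # Unreadable or corrupt archives are reported, not silently treated as clean.
        print(f"skipped {label}: {exc}", file=sys.stderr)
    return hits


def scan_tree(root):
    """Walk root and return every location where JndiLookup.class is still present."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(ARCHIVE_EXT):
                continue
            path = os.path.join(dirpath, fname)
            if os.path.islink(path):
                continue  # skip symlinks so the same archive is not reported twice
            hits.extend(scan_archive(path, path))
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/"
    remaining = scan_tree(root)
    for hit in remaining:
        print("STILL PRESENT:", hit)
    sys.exit(1 if remaining else 0)
```

The exit status is 0 only when nothing was found, so the check can be scripted; archives listed as skipped on stderr were not inspected and need a manual look.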


If you want to chat with me please use Twitter: @AngrySysOps
