HPE SimpliVity
cancel
Showing results for 
Search instead for 
Did you mean: 

Workaround for VMSA-2021-0002 with ESX

 
Brian_Galante
Advisor

Workaround for VMSA-2021-0002 with ESX

Hi All,

So for this vulnerability, and remediating it on ESX, https://kb.vmware.com/s/article/76372.

They want us to diable the CIM Server, Does that impact the Simplivity in any way, safe to do?

https://kb.vmware.com/s/article/76372

 

11 REPLIES 11
gustenar
HPE Pro

Re: Workaround for VMSA-2021-0002 with ESX

Hello @Brian_Galante 

At the moment it is being evaluated if applying this workaround or patch is supported by Simplivity. More updates as soon as possible. 

 

I am an HPE employee
Accept or Kudo
gustenar
HPE Pro

Re: Workaround for VMSA-2021-0002 with ESX

Hello @Brian_Galante 

VMware vCenter Server 6.7 Update 3l Build 17138064 is now supported for HPE Simplivity versions 3.7.10 U1, 4.0.0, 4.0.1, 4.0.1 U1 and 4.1.0 based on the new HPE Simplivity Interoperability guide. This is the version recommended by Vmware to fix the vulnerability. With this you wouldn't need to apply the workaround and can go with the patch instead.  

I am an HPE employee
Accept or Kudo
Brian_Galante
Advisor

Re: Workaround for VMSA-2021-0002 with ESX

Do you have a link to that guide? I went to the HPE site and found a link to it, but it's sending me to the 4.0.1 U1 version...

 

Brian_Galante
Advisor

Re: Workaround for VMSA-2021-0002 with ESX

gustenar
HPE Pro

Re: Workaround for VMSA-2021-0002 with ESX

Yep, that's the one. Sorry I couldn't get back to you earlier. 

I am an HPE employee
Accept or Kudo
fahlis
Frequent Advisor

Re: Workaround for VMSA-2021-0002 with ESX

@gustenar
Hi,
I don't understand. The workaround in the KB is for ESXi, not vCenter. I have updated my customers vCenter to 6.7 U3l. But that does not help mitigating the flaw for ESXi. And the OmniStack 4.1.0 interop guide does not include the patch for ESXi. So to my understanding the only supported way around this is the already mentioned workaround. Or do you perhaps (Hopefully) mean that HPE is working on approving the patch for OmniStack 4.1.0? That would be great. And as I already mentioned in the other ongoing thread for this VMSA, HPE really needs to step up the game here.
gustenar
HPE Pro

Re: Workaround for VMSA-2021-0002 with ESX

Sorry for the confusion, my comment was pointing to the vCenter fixes detailed on that advisory.

I am an HPE employee
Accept or Kudo
Brian_Galante
Advisor

Re: Workaround for VMSA-2021-0002 with ESX

Yes thats correct, the ESX version needed isn't supported by Simplivity yet.

Latest ESX supported by HPE.

ESXi 6.7 P04 - Build 17167734

What the advisory calls for:

ESXI 6.7 EP18 Build 17499825

That is ONE patch below! So hopefully HPE will provide some guidance soon.

 

jeffleblanc
Occasional Visitor

Re: Workaround for VMSA-2021-0002 with ESX

I understand that HP has not certified the ESX update for use with Simplivity yet but has HPE been able to validate the workaround is safe to disable the CIM server on the host without impacting Simplicity functionality. 

https://kb.vmware.com/s/article/76372