HPE Community
HPE SimpliVity
1754915 Members
3667 Online
108827 Solutions
New Discussion

Re: Workaround for VMSA-2021-0002 with ESX

 
Brian_Galante
Frequent Advisor

‎03-01-2021 01:01 PM

‎03-01-2021 01:01 PM

Workaround for VMSA-2021-0002 with ESX

Hi All,

So for this vulnerability, and remediating it on ESX, https://kb.vmware.com/s/article/76372.

They want us to diable the CIM Server, Does that impact the Simplivity in any way, safe to do?

https://kb.vmware.com/s/article/76372

 

0 Kudos
Reply
12 REPLIES 12
gustenar
HPE Pro

‎03-02-2021 04:42 AM

‎03-02-2021 04:42 AM

Re: Workaround for VMSA-2021-0002 with ESX

Hello @Brian_Galante 

At the moment it is being evaluated if applying this workaround or patch is supported by Simplivity. More updates as soon as possible. 

 


I am an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
gustenar
HPE Pro

‎03-02-2021 07:14 AM

‎03-02-2021 07:14 AM

Re: Workaround for VMSA-2021-0002 with ESX

Hello @Brian_Galante 

VMware vCenter Server 6.7 Update 3l Build 17138064 is now supported for HPE Simplivity versions 3.7.10 U1, 4.0.0, 4.0.1, 4.0.1 U1 and 4.1.0 based on the new HPE Simplivity Interoperability guide. This is the version recommended by Vmware to fix the vulnerability. With this you wouldn't need to apply the workaround and can go with the patch instead.  


I am an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Brian_Galante
Frequent Advisor

‎03-02-2021 07:50 AM

‎03-02-2021 07:50 AM

Re: Workaround for VMSA-2021-0002 with ESX

Do you have a link to that guide? I went to the HPE site and found a link to it, but it's sending me to the 4.0.1 U1 version...

 

0 Kudos
Reply
Brian_Galante
Frequent Advisor

‎03-02-2021 09:11 AM

‎03-02-2021 09:11 AM

Re: Workaround for VMSA-2021-0002 with ESX

Found the correct link:

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00099036en_us

 

 

0 Kudos
Reply
gustenar
HPE Pro

‎03-02-2021 10:18 AM

‎03-02-2021 10:18 AM

Re: Workaround for VMSA-2021-0002 with ESX

Yep, that's the one. Sorry I couldn't get back to you earlier. 


I am an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
fahlis
Frequent Advisor

‎03-02-2021 07:36 PM

‎03-02-2021 07:36 PM

Re: Workaround for VMSA-2021-0002 with ESX

@gustenar
Hi,
I don't understand. The workaround in the KB is for ESXi, not vCenter. I have updated my customers vCenter to 6.7 U3l. But that does not help mitigating the flaw for ESXi. And the OmniStack 4.1.0 interop guide does not include the patch for ESXi. So to my understanding the only supported way around this is the already mentioned workaround. Or do you perhaps (Hopefully) mean that HPE is working on approving the patch for OmniStack 4.1.0? That would be great. And as I already mentioned in the other ongoing thread for this VMSA, HPE really needs to step up the game here.
0 Kudos
Reply
gustenar
HPE Pro

‎03-03-2021 09:55 AM

‎03-03-2021 09:55 AM

Re: Workaround for VMSA-2021-0002 with ESX

Sorry for the confusion, my comment was pointing to the vCenter fixes detailed on that advisory.


I am an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Brian_Galante
Frequent Advisor

‎03-03-2021 10:34 AM

‎03-03-2021 10:34 AM

Re: Workaround for VMSA-2021-0002 with ESX

Yes thats correct, the ESX version needed isn't supported by Simplivity yet.

Latest ESX supported by HPE.

ESXi 6.7 P04 - Build 17167734

What the advisory calls for:

ESXI 6.7 EP18 Build 17499825

That is ONE patch below! So hopefully HPE will provide some guidance soon.

 

0 Kudos
Reply
jeffleblanc
Occasional Visitor

‎03-10-2021 11:48 AM

‎03-10-2021 11:48 AM

Re: Workaround for VMSA-2021-0002 with ESX

I understand that HP has not certified the ESX update for use with Simplivity yet but has HPE been able to validate the workaround is safe to disable the CIM server on the host without impacting Simplicity functionality. 

https://kb.vmware.com/s/article/76372

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.