HPE Community
HPE SimpliVity
1829415 Members
2572 Online
109991 Solutions
New Discussion

Re: Workaround for VMSA-2021-0002 with ESX

 
Brian_Galante
Frequent Advisor

‎03-01-2021 01:01 PM

‎03-01-2021 01:01 PM

Workaround for VMSA-2021-0002 with ESX

Hi All,

So for this vulnerability, and remediating it on ESX, https://kb.vmware.com/s/article/76372.

They want us to diable the CIM Server, Does that impact the Simplivity in any way, safe to do?

https://kb.vmware.com/s/article/76372

 

0 Kudos
Reply
12 REPLIES 12
gustenar
HPE Pro

‎03-02-2021 04:42 AM

‎03-02-2021 04:42 AM

Re: Workaround for VMSA-2021-0002 with ESX

Hello @Brian_Galante 

At the moment it is being evaluated if applying this workaround or patch is supported by Simplivity. More updates as soon as possible. 

 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
gustenar
HPE Pro

‎03-02-2021 07:14 AM

‎03-02-2021 07:14 AM

Re: Workaround for VMSA-2021-0002 with ESX

Hello @Brian_Galante 

VMware vCenter Server 6.7 Update 3l Build 17138064 is now supported for HPE Simplivity versions 3.7.10 U1, 4.0.0, 4.0.1, 4.0.1 U1 and 4.1.0 based on the new HPE Simplivity Interoperability guide. This is the version recommended by Vmware to fix the vulnerability. With this you wouldn't need to apply the workaround and can go with the patch instead.  



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Brian_Galante
Frequent Advisor

‎03-02-2021 07:50 AM

‎03-02-2021 07:50 AM

Re: Workaround for VMSA-2021-0002 with ESX

Do you have a link to that guide? I went to the HPE site and found a link to it, but it's sending me to the 4.0.1 U1 version...

 

0 Kudos
Reply
Brian_Galante
Frequent Advisor

‎03-02-2021 09:11 AM

‎03-02-2021 09:11 AM

Re: Workaround for VMSA-2021-0002 with ESX

Found the correct link:

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00099036en_us

 

 

0 Kudos
Reply
gustenar
HPE Pro

‎03-02-2021 10:18 AM

‎03-02-2021 10:18 AM

Re: Workaround for VMSA-2021-0002 with ESX

Yep, that's the one. Sorry I couldn't get back to you earlier. 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
fahlis
Frequent Advisor

‎03-02-2021 07:36 PM

‎03-02-2021 07:36 PM

Re: Workaround for VMSA-2021-0002 with ESX

@gustenar
Hi,
I don't understand. The workaround in the KB is for ESXi, not vCenter. I have updated my customers vCenter to 6.7 U3l. But that does not help mitigating the flaw for ESXi. And the OmniStack 4.1.0 interop guide does not include the patch for ESXi. So to my understanding the only supported way around this is the already mentioned workaround. Or do you perhaps (Hopefully) mean that HPE is working on approving the patch for OmniStack 4.1.0? That would be great. And as I already mentioned in the other ongoing thread for this VMSA, HPE really needs to step up the game here.
0 Kudos
Reply
gustenar
HPE Pro

‎03-03-2021 09:55 AM

‎03-03-2021 09:55 AM

Re: Workaround for VMSA-2021-0002 with ESX

Sorry for the confusion, my comment was pointing to the vCenter fixes detailed on that advisory.



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
Brian_Galante
Frequent Advisor

‎03-03-2021 10:34 AM

‎03-03-2021 10:34 AM

Re: Workaround for VMSA-2021-0002 with ESX

Yes thats correct, the ESX version needed isn't supported by Simplivity yet.

Latest ESX supported by HPE.

ESXi 6.7 P04 - Build 17167734

What the advisory calls for:

ESXI 6.7 EP18 Build 17499825

That is ONE patch below! So hopefully HPE will provide some guidance soon.

 

0 Kudos
Reply
jeffleblanc
Frequent Visitor

‎03-10-2021 11:48 AM

‎03-10-2021 11:48 AM

Re: Workaround for VMSA-2021-0002 with ESX

I understand that HP has not certified the ESX update for use with Simplivity yet but has HPE been able to validate the workaround is safe to disable the CIM server on the host without impacting Simplicity functionality. 

https://kb.vmware.com/s/article/76372

0 Kudos
Reply
castiron45
New Member

‎03-24-2021 06:06 AM

‎03-24-2021 06:06 AM

Re: Workaround for VMSA-2021-0002 with ESX

Any word on if this workaround to disable the CIM Server affects Simplivity functionality or not?

0 Kudos
Reply
dhooley
HPE Pro

‎03-31-2021 05:56 AM

‎03-31-2021 05:56 AM

Re: Workaround for VMSA-2021-0002 with ESX

Hi @castiron45 

The workaround documented by VMware to disable the CIM Service has been tested by SimpliViy support on version's 3.7.9 & above. However, I would recommend opening a support ticket to have your environment verified 100% before proceeding with that option.

The only affect this may have is with Host discovery during future deployments.

Hope this helps!


I work for HPEAccept or Kudo
0 Kudos
Reply
Stridh
Occasional Advisor

‎06-03-2021 06:01 AM

‎06-03-2021 06:01 AM

Re: Workaround for VMSA-2021-0002 with ESX

Hello.

Why is this taking soo long time to get verifyed. Please approv the VMSA-2021-0002 NOW!!!!

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.