VMware vSphere

Didn't found the fix for vulnerability CVE-2021-21974 (VMSA-2021-0002). Found only for CVE-2021-21972 and CVE-2021-21973. Please help. We have ESXI servers which running on 6.7.0 Update 3 (Build 17167734)

https://kb.vmware.com/s/article/76372... in this do we need to disable and then enable the slp service to mitigate the vulnerability. If only enable and then any service restart is required? Because I disabled the slp but the vulnerability is still there

Moderator edit by wila: Merged this thread with above post as it seems user has found the KB article.

Hi,

Greetings for the day.

To remediate CVE-2021-21974 for ESXi 6.7 please apply ESXi670-202102401-SG patch on host and for that you need to download patch ESXi670-202102001 (build number 17499825) from below mentioned URL:

https://my.vmware.com/group/vmware/patch#search

Same is mentioned in https://www.vmware.com/security/advisories/VMSA-2021-0002.html under section 3b.

For workaround please follow KB: https://kb.vmware.com/s/article/76372 and the procedure will be:

To implement the workaround perform the following steps:

1. Stop the SLP service on the ESXi host with this command:

esxcli system slp stats get 

2. Run the following command to disable the SLP service: