Mitigating CVE-2021-21972 and CVE-2021-21973 in practical terms
Anyone who says ssh should be disabled is misinformed. ssh should be secured but enabled, and this mitigation is just one of the reasons why.
- Start by gaining access to your vCenter VCSA with SSH.
- Run the commands in the first image below, you can use Putty cut & paste to insert filenames:
cd /etc/vmware/vsphere-ui/ ls cp compatibility-matrix.xml compatibility-matrix.bak vi compatibility-matrix.xml service-control --restart vsphere-ui
Here is a graphic of the commands:
Here’s what should look like in VI before you save: