Mitigating CVE-2021-21972 and CVE-2021-21973 in practical terms

Anyone who says ssh should be disabled is misinformed. ssh should be secured but enabled, and this mitigation is just one of the reasons why.

  1. Start by gaining access to your vCenter VCSA with SSH.
  2. Run the commands in the first image below, you can use Putty cut & paste to insert filenames:

cd /etc/vmware/vsphere-ui/
ls
cp compatibility-matrix.xml compatibility-matrix.bak
vi compatibility-matrix.xml
service-control --restart vsphere-ui

Here is a graphic of the commands:

Here’s what should look like in VI before you save:

John Borhek

About: John Borhek

John Borhek is the CEO and Lead Solutions Architect at VMsources Group Inc. John has soup-to-nuts experience in Mission Critical Infrastructure, specializing in hyper-convergence and Cloud Computing, engaging with organizations all over the United States and throughout the Americas.


Leave a Reply

Your email address will not be published. Required fields are marked *