We are aware of a few cases where users have reported that their vCenter Server was misused to gain remote access to critical infrastructure such as nuclear power plants, air traffic control systems, and other critical national infrastructure. You may verify whether your vCenter Server is vulnerable by running the following command in an SSH session to the vCenter Server.

[root@vCenterServer ~]# cat /usr/lib/libvirt/qemu/1.0/qemu-kvm.conf | grep vmw | sort -n

If the output is similar to the following, your vCenter Server is vulnerable:

vmw_adapter_info_dump: BUG: KVM: PPC: Unsafe deserialization of guest memory through shared rings.

To remediate this issue, upgrade to version 6.5.0 or later as soon as possible. If you are running an earlier version, you must upgrade before an attacker can exploit it.
Many users will not be comfortable upgrading their vCenter Server software. If you are in this situation, we strongly recommend that you consider using the vSphere upgrade method.

vSphere upgrade method

If you are uncomfortable upgrading your vCenter Server software, you can use the vSphere upgrade method to remediate this issue. To use the vSphere upgrade method, follow these steps:

1. Power off your vCenter Server system.
2. Remove all external storage from the ESXi host.
3. Create a new VM with a fresh copy of the same operating system and virtual hardware resource settings as your current vCenter Server system with the same network settings and hostname (or IP address). You can create a new VM by using one of these commands:
- CLI: "VIM show esxi\host" to list existing VMs on your host, then right-click on an existing VM to select "Create New Virtual Machine".
- PowerCLI: "Get-VMHost Host | Get-VMHost -Name

VMware vSphere Upgrade Process

The VMware vSphere upgrade process is not only an easy way for you to upgrade your vCenter Server software. It also provides a way for you to make the updates available without disrupting your business operations. If you use this method, the new version of the vCenter Server will run on top of the old one and continue to serve all its previous roles.
The VMware vSphere Upgrade Process can be completed in a few simple steps:
- Upgrade your vCenter Server application server with the new version of the upgrade package
- Upgrade your vCenter Database server with the new version of the upgrade package
- Pre-upgrade check to verify that everything is working as expected in advance
- Complete the upgrade by performing a migration operation and updating hosts

What is the vSphere upgrade method?

If you are running vCenter Server version 6.0, 6.1, or 6.2 and none of the above workarounds work for you, consider using the vSphere upgrade method to protect yourself from this vulnerability.
The vSphere upgrade method is a deployment with VMware ESXi that upgrades the virtual machines in your environment to a newer version of VMware ESXi without disrupting their production workloads. You can also use it to migrate from earlier versions of vCenter Server software to version 6.5.0 or later as an alternative to upgrading your physical infrastructure hosts.

ESXi Software Update

You can remediate the issue on an ESXi host by running the following command in an SSH session to the ESXi host.

esxcli software vib install -v 6.5.0 -f

This will install the required updates and clear any existing versions of vCenter Server that are not compatible with ESXi 6.5, as well as any other unwanted software on the host.

Timeline

Published on: 10/07/2022 21:15:00 UTC
Last modified on: 10/11/2022 13:37:00 UTC