CVE-2019-11248 affects ESXi hosts

Article ID: 406877

Products

VMware vSphere ESXi 8.0

Issue/Introduction

  • A vulnerability scanner reports that port 2379 (the etcd client port) on ESXi hosts exposes the /debug/pprof endpoint without access control, and associates the finding with CVE-2019-11248.
  • The CVE was filed against Kubelet, but the underlying issue, Go's net/http/pprof handlers being reachable on a service's HTTP listener, applies to any Go service that serves them, including etcd on ESXi hosts.
  • For more information, see: CVE-2019-11248.

Environment

  • VMware vSphere ESXi 8.0 prior to patch 7
  • VMware vSphere ESXi 9 GA

Cause

The etcd service on ESXi hosts serves the /debug/pprof HTTP endpoint on its client port (2379) without access control. The endpoint returns Go runtime profiling data (goroutine stacks, heap and CPU profiles, and similar), so it is an information disclosure issue rather than a remote code execution one. The etcd service is started by the clusterAgent service on each host.

Resolution

Run the following command on every host in the cluster, not only on the hosts the scanner flagged. It stops the clusterAgent, deletes the etcd data stored on the host, and removes the ESXi host from the etcd cluster:

/etc/init.d/clusterAgent stop ; configstorecli files datafile delete -c esx -k cluster_agent_data ; configstorecli files datadir delete -c esx -k cluster_agent_data
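To confirm the exposure before applying the command and to verify afterwards that no host in the cluster still answers, here is an added example check; it is not part of this article and not a VMware tool. It requests /debug/pprof/ on port 2379 of each host and reports whether the host returned Go's pprof index page, answered without it, or did not answer at all. The host names, the local stub server used to exercise the check offline, and the choice of matching the "Types of profiles available" heading that Go's net/http/pprof index page emits are assumptions of the example.

```python
"""Check which ESXi hosts still serve Go's /debug/pprof index on etcd's client port.

Added example, not part of the KB article or of VMware tooling.
Assumptions: etcd answers HTTP(S) on 2379, a Go pprof index page contains
PPROF_MARKER, and the host names in the demo are constructed.
"""
import http.client
import ssl
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ETCD_CLIENT_PORT = 2379                        # etcd client port named in the article
PPROF_PATH = "/debug/pprof/"
PPROF_MARKER = "Types of profiles available"   # heading on Go's net/http/pprof index page


def fetch(host, port, path, use_tls, timeout=5.0):
    """GET path and return (status, body), or None if the host/port does not answer."""
    if use_tls:
        # An appliance etcd usually presents a self-signed certificate; this is
        # an exposure probe, not a trust decision, so verification is skipped.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.read(65536).decode("utf-8", "replace")
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()


def pprof_status(host, port=ETCD_CLIENT_PORT, schemes=("https", "http")):
    """Classify one host: 'exposed' (pprof index served), 'no_pprof' (a listener
    answered but without the index) or 'unreachable' (nothing answered)."""
    answered = False
    for scheme in schemes:
        result = fetch(host, port, PPROF_PATH, use_tls=(scheme == "https"))
        if result is None:
            continue
        answered = True
        status, body = result
        if status == 200 and PPROF_MARKER in body:
            return "exposed"
    return "no_pprof" if answered else "unreachable"


def scan(hosts, port=ETCD_CLIENT_PORT, schemes=("https", "http")):
    """Return {host: status}. After the fix no host may report 'exposed';
    'unreachable' is expected once etcd no longer runs on the host."""
    return {h: pprof_status(h, port, schemes) for h in hosts}


def start_stub(serve_pprof):
    """Local plain-HTTP stub standing in for an etcd listener (constructed fixture
    so the check can run offline). Its port is server.server_address[1]."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if serve_pprof and self.path == PPROF_PATH:
                body = b"<html><body>Types of profiles available:</body></html>"
                self.send_response(200)
            else:
                body = b"404 page not found"
                self.send_response(404)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep demo output clean
            pass

    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    # Offline demo against two stubs (plain HTTP, hence schemes=("http",));
    # against real hosts call scan(["esx01.example", ...]) with the defaults.
    unpatched, fixed = start_stub(True), start_stub(False)
    for name, srv in (("esx01 (unpatched stub)", unpatched), ("esx02 (fixed stub)", fixed)):
        print(name, "->", pprof_status("127.0.0.1", srv.server_address[1], schemes=("http",)))
    unpatched.shutdown()
    fixed.shutdown()
```

Run it from a machine that can reach the hosts on port 2379, once before the change and once after; a clean result is every host reporting 'unreachable' or 'no_pprof'. Because only three hosts hold etcd at a time, a host that reports 'unreachable' before the fix is not proof that it was never affected, which is why the resolution is applied to all hosts.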

Additional Information

In a vSphere cluster, only three ESXi hosts actively participate in the etcd cluster at any one time, so a scanner will typically flag port 2379 on only three hosts. The resolution should nonetheless be run on every host in the cluster.