Python script to automate the workaround steps of VMSA-2021-0028 vulnerability on vCenter Server Appliance
search cancel

Python script to automate the workaround steps of VMSA-2021-0028 vulnerability on vCenter Server Appliance

book

Article ID: 318882

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Environment

  • VMware vCenter Server 7.0.x
  • VMware vCenter Server Appliance 6.7.x
  • VMware vCenter Server Appliance 6.5.x

Resolution

IMPORTANT: The steps in this article are now obsolete due to the release of vc_log4j_mitigator.py. Use Workaround instructions for CVE-2021-44228 and CVE-2021-45046 in vCenter Server and vCenter Cloud Gateway to remediate the vCenter Server Appliance.

Please refer to the Resolution section in KB Workaround instructions to address CVE-2021-44228 in vCenter Server and vCenter Cloud Gateway.

IMPORTANT: After finishing the steps here, you MUST complete the remediation process by running the remove_log4j_class.py script in Workaround instructions for CVE-2021-44228 and CVE-2021-45046 in vCenter Server and vCenter Cloud Gateway.

Workaround:

Follow the below steps to automate the workaround steps mentioned in Workaround instructions for CVE-2021-44228 and CVE-2021-45046 in vCenter Server and vCenter Cloud Gateway:

How to execute the script on vCenter Server Appliance:

  1. Download the script attached to this KB (vmsa-2021-0028-kb87081.py )
  2. Transfer the file to /tmp folder on vCenter Server Appliance using WinSCP or follow below steps to copy paste the script contents to VCSA using Putty
    1. Login to the vCSA using an SSH Client (using Putty.exe or any similar SSH Client)
    2. Open the script on your desktop in Notepad (Notepad++ is preferred)
    3. Copy the entire contents (Ctrl + C)
    4. On VCSA, create a new file using vi command
      1. vi /tmp/vmsa-2021-0028-kb87081.py
      2. Press the key 'i' to change vi editor to write/insert mode
      3. Right Click on the screen to Paste the script contents Copied from the previous step
      4. Save the Contents using Keys (Press Esc and then :wq! followed by Enter key)
  3. Execute the script using the command "python /tmp/vmsa-2021-0028-kb87081.py"
  4. Script will prompt for users input to confirm the services restart as all the services needs to be restarted to implement the workaround, Enter 'y' or 'Y' if you want to proceed with the script

Additional Information

Sample Screenshot from VCSA 7.0:


Sample Screenshot from VCSA 6.7 U3o (6.7.0.50000 build 18485166) or older builds:


Sample Screenshot from VCSA 6.7 U3p (build 18831133) or higher builds:


Impact/Risks:

  • VCHA needs to be removed before executing the steps in this KB article.
  • Environments with external PSCs need to have the script executed on both vCenter and PSC appliances.