Python script to automate the workaround steps of VMSA-2021-0028 vulnerability on vCenter Server Appliance

Article ID: 318882

Products

VMware vCenter Server

Issue/Introduction

This KB helps automate the steps in Workaround instructions for CVE-2021-44228 and CVE-2021-45046 in vCenter Server and vCenter Cloud Gateway.

Before proceeding, refer to the below links for more information:

Environment

  • VMware vCenter Server 7.0.x
  • VMware vCenter Server Appliance 6.7.x
  • VMware vCenter Server Appliance 6.5.x

Resolution

IMPORTANT: The steps in this article are now obsolete due to the release of vc_log4j_mitigator.py. Use Workaround instructions for CVE-2021-44228 and CVE-2021-45046 in vCenter Server and vCenter Cloud Gateway to remediate the vCenter Server Appliance.

Please refer to the Resolution section in KB Workaround instructions to address CVE-2021-44228 in vCenter Server and vCenter Cloud Gateway.

IMPORTANT: After finishing the steps here, you MUST complete the remediation process by running the remove_log4j_class.py script in Workaround instructions for CVE-2021-44228 and CVE-2021-45046 in vCenter Server and vCenter Cloud Gateway.

Workaround:

Follow the steps below to automate the workaround described in Workaround instructions for CVE-2021-44228 and CVE-2021-45046 in vCenter Server and vCenter Cloud Gateway:

How to execute the script on vCenter Server Appliance:

  1. Download the script attached to this KB (vmsa-2021-0028-kb87081.py)
  2. Transfer the file to the /tmp folder on the vCenter Server Appliance using WinSCP, or follow the steps below to copy and paste the script contents to the VCSA using PuTTY
    1. Log in to the VCSA using an SSH client (PuTTY.exe or any similar SSH client)
    2. Open the script on your desktop in Notepad (Notepad++ is preferred)
    3. Copy the entire contents (Ctrl + C)
    4. On the VCSA, create a new file using the vi command
      1. vi /tmp/vmsa-2021-0028-kb87081.py
      2. Press the 'i' key to switch the vi editor to write/insert mode
      3. Right-click on the screen to paste the script contents copied in the previous step
      4. Save the contents (press Esc, then type :wq! followed by the Enter key)
  3. Execute the script using the command "python /tmp/vmsa-2021-0028-kb87081.py"
  4. The script prompts for user input to confirm the services restart, because all services need to be restarted to implement the workaround. Enter 'y' or 'Y' if you want to proceed with the script

Additional Information

Change log:

  • December 13th 2021 - 10:30 PST: Updated the attached Python script with a resolution for the error message "Encountered an internal error.\n\nInstall-parameter deployment.node.type not set"
  • December 14th 2021 - 12:21 PST: Added hyperlink to the script name mentioned in the first step "Download the script attached this KB"
  • December 14th 2021 - 12:21 PST: Added vCenter Version details in Sample Screenshot in Related Information Section
  • December 14th 2021 - 15:17 PST: Corrected typo in the script - "Successfully" to "Successfully"
  • December 16th 2021 - 14:30 PST: Added instructions to return to KB 87081 and finalize the remediation by running the remove_log4j_class.py script there
  • December 18th 2021 - 10:00 PST: Updated script to skip VUM changes if VC is Cloud Gateway Appliance. Also, added an error check to handle failure in reading the actual VC version from file /etc/issue.
  • December 21st 2021 - 10:30 PST: Marked article as obsolete. Only use this article as reference to past steps going forward.


Sample Screenshot from VCSA 7.0:


Sample Screenshot from VCSA 6.7 U3o (6.7.0.50000 build 18485166) or older builds:


Sample Screenshot from VCSA 6.7 U3p (build 18831133) or higher builds:


Impact/Risks:

  • VCHA needs to be removed before executing the steps in this KB article.
  • Environments with external PSCs need to have the script executed on both vCenter and PSC appliances.