How to mitigate OpenSLP and SFCB vulnerabilities in ESXi

Written By Christian Castagna (Administrator)

Updated at December 17th, 2024

This article provides information on how to mitigate the CVE-2021-21972, CVE-2021-21973 and CVE-2021-21974 vulnerabilities.

→ Applies to: VMware ESXi 6.5.x prior to ESXi650-202102101-SG
→ Applies to: VMware ESXi 6.7.x prior to ESXi670-202102401-SG
→ Applies to: VMware ESXi 7.x prior to ESXi70U1c-17325551

Vulnerability description

SOURCES
NIST (https://nvd.nist.gov/vuln/detail/CVE-2021-21972)
NIST (https://nvd.nist.gov/vuln/detail/CVE-2021-21973)
NIST (https://nvd.nist.gov/vuln/detail/CVE-2021-21974)
VMware (https://kb.vmware.com/s/article/76372)

Solution

Step 1. Connect to VMware ESXi CLI (via SSH)

Step 2. Restrict access to OpenSLP (port 427): block all sources, then allow only the listed address

esxcli network firewall ruleset set --ruleset-id CIMSLP --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id CIMSLP --ip-address 172.16.254.2

Step 3. Restrict access to CIMServer (port 5988/HTTP, port 5989/HTTPS) in the same way

esxcli network firewall ruleset set --ruleset-id CIMHttpServer --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id CIMHttpServer --ip-address 172.16.254.2

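As an added check, not part of the original article or of VMware's tooling: a POSIX shell script that parses the table printed by esxcli network firewall ruleset allowedip list and reports the CIM rulesets that still accept connections from all sources. The sample table is constructed; CIMHttpsServer (the standard ruleset for port 5989) is assumed to be in scope because the article's commands only cover CIMHttpServer.

```shell
#!/bin/sh
# Added audit script (not from the original article). It parses the table
# printed by "esxcli network firewall ruleset allowedip list" and reports the
# CIM rulesets that still accept connections from all sources, which is the
# state Steps 2 and 3 are meant to remove.

# Constructed sample in the shape of that table: CIMSLP is already restricted,
# the two CIM HTTP rulesets are not. On a real host, feed in the live output:
#   audit_cim_rulesets "$(esxcli network firewall ruleset allowedip list)" CIMSLP CIMHttpServer
SAMPLE_ALLOWEDIP='Ruleset          Allowed IP Addresses
---------------  --------------------
sshServer        All
CIMSLP           172.16.254.2
CIMHttpServer    All
CIMHttpsServer   All'

# Print, one per line, the named rulesets whose allowed-IP column is "All".
# Usage: open_rulesets "<table text>" ruleset [ruleset ...]
open_rulesets() {
    table=$1
    shift
    for rs in "$@"; do
        printf '%s\n' "$table" | awk -v name="$rs" '$1 == name && $2 == "All" { print $1 }'
    done
}

# Return 0 when every named ruleset is restricted to specific addresses,
# 1 (with a message on stderr) when any of them still allows all sources.
audit_cim_rulesets() {
    table=$1
    shift
    open=$(open_rulesets "$table" "$@")
    if [ -n "$open" ]; then
        printf 'Rulesets still allowing all sources:\n%s\n' "$open" >&2
        return 1
    fi
    return 0
}

# Stand-alone run against the constructed sample. CIMHttpsServer (port 5989)
# is a standard ESXi ruleset name the article's commands do not include; it is
# checked here on the assumption that the HTTPS listener is in scope as well.
if audit_cim_rulesets "$SAMPLE_ALLOWEDIP" CIMSLP CIMHttpServer CIMHttpsServer; then
    echo "All CIM rulesets are restricted"
else
    echo "Mitigation incomplete; apply the esxcli commands above to the rulesets listed"
fi
```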
These firewall rules only limit exposure of the affected services; the permanent fix is to upgrade to the patched ESXi builds listed above, or a later version.