At theonionhost.com, we have many clients who use VMware vCenter Server as their centralized management platform for VMware vSphere environments. Unfortunately, some of the ESXi hosts managed by those vCenter Servers were found to be vulnerable to the recently published CVE-2021-21974 (VMSA-2021-0002), a heap overflow in the OpenSLP service (slpd) that ESXi runs on port 427. An attacker who sits on the same network segment as the host and can reach port 427 may trigger the overflow and execute arbitrary code on the ESXi host; no credentials are needed. Note that the flaw is in ESXi, not in vCenter Server itself: vCenter is simply where the affected hosts are administered. To address the risk, we applied the VMware patches and, in addition, disabled the Service Location Protocol (SLP, provided by OpenSLP) on every host, which removes the exposed listener entirely.
In light of this, we thought it would be helpful to share our experience with the community and write a tutorial on how to block OpenSLP on ESXi hosts from vCenter Server, as a defence-in-depth measure for virtualized environments.
Step 1: Connect to vCenter Server using vSphere Client and select the host
To start, connect to the vCenter Server with the vSphere Client, the graphical interface used to manage your virtual environment. In the inventory, select the ESXi host you want to harden and open its “Configuration” tab (labelled “Configure” in the HTML5 vSphere Client). The settings that follow are per host: repeat the procedure for every ESXi host managed by the vCenter Server.
Step 2: Access the Security Profile
From the Configuration tab, click on “Security Profile” (under “System”) to access the security settings for the selected ESXi host.
Step 3: Edit the Firewall Configuration
In the Security Profile, locate the “Firewall” section. The ESXi host firewall works with predefined rulesets, one per service; from here you can enable or disable each ruleset and restrict the IP addresses allowed to reach it.
Step 4: Block OpenSLP
SLP is covered by the predefined “CIM SLP” ruleset (its esxcli name is CIMSLP). To block it, click “Edit…” next to the firewall section (“Properties…” in the legacy vSphere Client) and clear the checkbox of the ruleset with the following details:
- Service Name: CIM SLP
- Port: 427
- Protocol: TCP and UDP
- Direction: incoming and outgoing
Make sure both protocols are covered: slpd listens on 427/tcp as well as 427/udp, and a rule that only blocks UDP leaves the overflow reachable over TCP. Click on “OK” to save the firewall change.
Step 5: Stop the SLP service and apply the changes
ESXi firewall changes take effect as soon as you click “OK”; no restart of the firewall is required. Do not stop there, however: disabling the ruleset only closes the port, while the vulnerable daemon keeps running. Still in the Security Profile, open the “Services” section, select “slpd”, stop it, and set its startup policy to “Start and stop manually” so it stays off after a reboot. The same three actions from the host shell (SSH or DCUI) are:
/etc/init.d/slpd stop
esxcli network firewall ruleset set -r CIMSLP -e 0
chkconfig slpd off
These are the commands VMware documents for disabling SLP on ESXi (KB 76372). Afterwards, confirm the result with “esxcli network firewall ruleset list” (CIMSLP should show “false”) and “chkconfig --list” (slpd should show “off”).
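The five steps above, carried out and verified from the ESXi host shell, as an added example that is not part of the original post. It assumes it runs on an ESXi host (where esxcli, chkconfig and /etc/init.d/slpd exist; the ruleset name CIMSLP and the command sequence are VMware's documented mitigation); off-box it falls back to constructed sample output so the parsing and verdict logic can be read and exercised. The helper names and the sample output are our own.

```shell
#!/bin/sh
# Added example (not from the original post or from VMware): disable the ESXi
# OpenSLP service behind CVE-2021-21974 and verify that the mitigation holds.
# Assumes an ESXi host shell; the function names below are hypothetical.

# VMware's documented mitigation (KB 76372): stop slpd, disable the firewall
# ruleset that opens 427/tcp and 427/udp, keep slpd off across reboots.
disable_slp() {
    /etc/init.d/slpd stop
    esxcli network firewall ruleset set -r CIMSLP -e 0
    chkconfig slpd off
}

# Parse the output of `esxcli network firewall ruleset list` (columns:
# Name, Enabled). Prints "true"/"false" for CIMSLP, or "missing" if absent.
cimslp_ruleset_enabled() {
    printf '%s\n' "$1" | awk '$1 == "CIMSLP" { print $2; found = 1 }
                              END { if (!found) print "missing" }'
}

# Parse the output of `chkconfig --list` (columns: service, on/off).
# Prints "on"/"off" for slpd, or "missing" if the service is not listed.
slpd_boot_state() {
    printf '%s\n' "$1" | awk '$1 == "slpd" { print $2; found = 1 }
                              END { if (!found) print "missing" }'
}

# A host counts as mitigated only when BOTH the port is closed (ruleset
# disabled) AND the daemon will not come back at boot; either one alone
# leaves the vulnerable code reachable or re-armed after a reboot.
slp_verdict() {
    ruleset=$(cimslp_ruleset_enabled "$1")
    boot=$(slpd_boot_state "$2")
    if [ "$ruleset" = "false" ] && [ "$boot" = "off" ]; then
        echo "mitigated"
    else
        echo "exposed (CIMSLP enabled=$ruleset, slpd at boot=$boot)"
    fi
}

# External check from a jump host (assumes a BSD/GNU nc that supports -z):
# prints "open" if something still answers on 427/tcp, "closed" otherwise.
port_427_open() {
    if nc -z -w 3 "$1" 427 >/dev/null 2>&1; then echo "open"; else echo "closed"; fi
}

# Collect live state on a real host; off-box use constructed sample output
# (NOT captured from a real host) that mirrors the esxcli/chkconfig layout.
audit_host() {
    if command -v esxcli >/dev/null 2>&1; then
        rulesets=$(esxcli network firewall ruleset list)
        services=$(chkconfig --list)
    else
        rulesets='Name        Enabled
----------  -------
sshServer   true
CIMSLP      true'
        services='sshd   on
slpd   on'
    fi
    slp_verdict "$rulesets" "$services"
}
```

Run it once before and once after the mitigation (for example "audit_host" from the same shell): the verdict should move from "exposed (CIMSLP enabled=true, slpd at boot=on)" to "mitigated". The verdict deliberately requires both conditions because we saw hosts where only the ruleset had been disabled and slpd was still running with its startup policy untouched.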
Disabling OpenSLP on your ESXi hosts is an effective way to reduce exposure to CVE-2021-21974: with the CIM SLP ruleset off and slpd stopped, there is no listener on port 427 for an attacker to reach. By following this tutorial, you remove that attack surface on every host managed by vCenter Server. Two caveats apply. First, this is a mitigation, not a fix: the vulnerable code is still on disk, so the ESXi patches from VMSA-2021-0002 should still be installed. Second, SLP is only needed by CIM clients that discover hosts through it; if you rely on such tooling, test it after the change.