1. Background
ESXi 6.5 is affected by CVE-2020-3992, described as: VMware ESXi OpenSLP remote code execution vulnerability (CVE-2020-3992). An attacker located in the management network can trigger a use-after-free vulnerability in the OpenSLP service through port 427 and execute arbitrary code remotely.
To fix the vulnerability, it was decided to upgrade the host.
2. Environment description
IP address | ESXi version | Current build number | Target build number | Patch |
---|---|---|---|---|
172.27.34.90 | 6.5 | 4887370 | 17477841 | ESXi650-202102001.zip |
3. Version view
3.1 View the build number
"Help" - "About"
The current build number is 4887370
3.2 View all versions
https://kb.vmware.com/s/article/2143832?lang=en_us
3.3 Current version
Build 4887370 corresponds to ESXi 6.5.0a
3.4 Target version
The target version determines which patch package to download. Here the latest version, ESXi 6.5 P06, is selected as the target; its build number is 17477841
4. Patch download
Patch package download address:
https://my.vmware.com/group/vmware/patch#search
Download the latest patch package for ESXi 6.5
5. Shut down the virtual machines
The virtual machines must be shut down before the upgrade
6. Upload the patch package
Upload the patch package via the "Datastore browser"
7. Enter maintenance mode
Patch upgrades must be performed in maintenance mode
8. Open the command line
8.1 Enable SSH
8.2 Use crt to log in to the system remotely
9. Version upgrade
[root@localhost:/vmfs/volumes/5df883d8-7aaba396-fca3-5cf3fc4e4d40] pwd
/vmfs/volumes/datastore1
[root@localhost:/vmfs/volumes/5df883d8-7aaba396-fca3-5cf3fc4e4d40] ls -l|grep 2021
-rw-r--r-- 1 root root 483794868 Mar 31 08:49 ESXi650-202102001.zip
[root@localhost:/vmfs/volumes/5df883d8-7aaba396-fca3-5cf3fc4e4d40] esxcli software vib install -d "/vmfs/volumes/datastore1/ESXi650-202102001.zip" --no-sig-check
Add the "--no-sig-check" parameter to the upgrade command to prevent errors
10. Restart the system
[root@localhost:/vmfs/volumes/5df883d8-7aaba396-fca3-5cf3fc4e4d40] reboot
11. Review
The version was successfully upgraded from 4887370 to 17477841
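Because "--no-sig-check" makes esxcli bypass signature verification of the depot in step 9, comparing the zip's checksum with the value published on the download page is the remaining integrity check, and the build number reported by `vmware -v` confirms the result of step 11. The script below is an added example, not part of the original post: the function names are hypothetical, it assumes `sha256sum` is available in the ESXi shell, and the checksum argument must be taken from the vendor's download page.

```shell
#!/bin/sh
# Added example (not from the original post). Written for a POSIX sh such as
# the ESXi shell; function names are hypothetical.

# Compare a depot file's SHA-256 with the checksum published by the vendor.
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be read.
verify_depot() {
    file=$1
    expected=$2
    [ -r "$file" ] || return 2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    # Normalise case so an upper-case published value still matches.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Extract the build number from a `vmware -v` banner, for example
# "VMware ESXi 6.5.0 build-17477841". Prints nothing if no build is found.
build_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*build-\([0-9][0-9]*\).*/\1/p'
}

# Succeed only if the banner's build is at or above the target build.
build_at_least() {
    build=$(build_from_banner "$1")
    [ -n "$build" ] && [ "$build" -ge "$2" ]
}

# Before step 9: refuse to continue on a checksum mismatch, then let esxcli
# report what it would change without modifying the host (--dry-run).
# Usage: pre_install_check <depot.zip> <published sha256>
pre_install_check() {
    verify_depot "$1" "$2" || {
        echo "checksum mismatch or unreadable file: do not install" >&2
        return 1
    }
    esxcli software vib install -d "$1" --no-sig-check --dry-run
}

# After step 10: confirm the host reports the target build from this page.
# Usage: post_upgrade_check 17477841
post_upgrade_check() {
    build_at_least "$(vmware -v)" "$1"
}
```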
12. Exit maintenance mode
Exit maintenance mode and restart the virtual machine
Change complete