Workaround Instructions For CVE-2021-22045 on VMware ESXi Hosts


Article ID: 317637


Updated On:

Products

VMware vSphere ESXi

Issue/Introduction


VMware has investigated CVE-2021-22045 and determined that the possibility of exploitation can be removed by performing the steps detailed in the Workaround section of this article.

This workaround is meant to be a temporary solution until the updates documented in VMSA-2022-0001 can be deployed.

 
ESXi Version   Fixed Version   Build Number   Release date
6.5            6.5 P07         18678235       October 12th 2021
6.7            6.7 P06         18828794       November 23rd 2021
7.0            7.0 U3C         19193900       January 27th 2022


VMware strongly recommends that customers update to the ESXi version(s) highlighted above.
There is no requirement to implement the workaround once the recommended upgrade is complete.


Resolution


Resolution for CVE-2021-22045 is documented in VMSA-2022-0001.

Workaround:

This workaround requires that all CD-ROM/DVD devices are disabled/disconnected on all running virtual machines.

For more information, please see "Remove Unnecessary Hardware Devices".

 
1) Log in to a vCenter Server system using the vSphere Web Client.
2) Right-click the virtual machine and click Edit Settings.
3) Select the CD/DVD drive and uncheck "Connected" and "Connect at power on" and remove any attached ISOs.



Additional Information


PowerCLI can be used to list the virtual machines that have a CD-ROM/DVD connected.
Running the command below will list all VMs with a connected device:

Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Select Parent

To remove and disconnect an attached CD-ROM/DVD device, run the command below:

Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Set-CDDrive -NoMedia -confirm:$false
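
The one-liners above match only drives that are connected at the moment they run. As an added example (not part of the VMware article), the PowerCLI script below also reports drives set to connect at power on or with an ISO still attached, the other two settings the workaround steps clear. It assumes an existing Connect-VIServer session; the report column names are illustrative.

```powershell
# Added example, not VMware's code. Assumes Connect-VIServer has already been run.
# Audits every CD/DVD drive against the three settings the workaround clears:
# "Connected", "Connect at power on", and an attached ISO.
$report = foreach ($drive in (Get-VM | Get-CDDrive)) {
    $conn = $drive.ExtensionData.Connectable
    $findings = @()
    if ($conn.Connected)      { $findings += 'Connected' }
    if ($conn.StartConnected) { $findings += 'ConnectAtPowerOn' }
    if ($drive.IsoPath)       { $findings += 'IsoAttached' }

    [pscustomobject]@{
        VM         = $drive.Parent.Name
        PowerState = $drive.Parent.PowerState
        Drive      = $drive.Name
        IsoPath    = $drive.IsoPath
        Findings   = $findings -join ','
        Compliant  = ($findings.Count -eq 0)
        CDDrive    = $drive   # kept so the drive can be piped to Set-CDDrive
    }
}

# Summarise and list the drives that still need attention.
$open = @($report | Where-Object { -not $_.Compliant })
"{0} of {1} CD/DVD drives still need the workaround" -f $open.Count, @($report).Count
$open | Sort-Object VM, Drive |
    Format-Table VM, PowerState, Drive, Findings, IsoPath -AutoSize

# Preview the change. -NoMedia is the article's own remediation; -StartConnected $false
# also clears "Connect at power on". Remove -WhatIf to apply.
if ($open.Count -gt 0) {
    $open.CDDrive | Set-CDDrive -NoMedia -StartConnected $false -Confirm:$false -WhatIf
}
```

Re-run the audit after applying the change; a count of 0 confirms that no drive is connected, set to connect at power on, or backed by an ISO.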