⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.
CVE-2021-21974 — Out-of-bounds Write in VMware ESXi
Severity
8.8 HIGH (NVD)
EPSS
55.7%
top 1.91%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Timeline
Published: Feb 24
Latest update: Feb 7
Description
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages (4 packages)
CVEListV5: vmware/vmware_esxi: 6.5 before ESXi650-202102101-SG, 6.7 before ESXi670-202102401-SG, 7.0 before ESXi70U1c-17325551 (+2)
Vulnerability Details (3)
Detection Rules (1)
Suricata
ET EXPLOIT VMWare ESXi 6.7.0 OpenSLP Remote Code Execution Attempt - Directory Agent Advertisement Heap Overflow (CVE-2021-21974), 2023-02-03
Vendor Advisories (2)
Threat Intelligence (5)
Recorded Future
ESXiArgs Ransomware Targets Publicly-Exposed ESXi OpenSLP Servers | Recorded Future