PT-2021-2129 · VMware · ESXi

Lucas Leong +1 · Published 2021-02-23 · Updated 2026-02-15 · CVE-2021-21974

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ESXi versions 7.0 before ESXi70U1c-17325551
ESXi versions 6.7 before ESXi670-202102401-SG
ESXi versions 6.5 before ESXi650-202102101-SG

Description

The issue is a heap-overflow vulnerability in the OpenSLP service used in ESXi. A malicious actor within the same network segment as ESXi, with access to port 427, may be able to trigger the heap overflow, resulting in remote code execution. The estimated number of potentially affected devices worldwide is between 300 and 500, with the ESXiArgs ransomware group infecting hundreds of ESXi hosts globally. The vulnerability has been exploited in real-world incidents, including a global ransomware attack on VMware ESXi hypervisors.

Recommendations

For ESXi versions 7.0 before ESXi70U1c-17325551, update to a version that includes the fix for this issue.
For ESXi versions 6.7 before ESXi670-202102401-SG, update to a version that includes the fix for this issue.
For ESXi versions 6.5 before ESXi650-202102101-SG, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to port 427 to minimize the risk of exploitation.

Exploit · Fix · RCE · Heap Based Buffer Overflow · Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2021-00988
CVE-2021-21974
ZDI-21-250

Affected Products

ESXi