Heap Overflow Vulnerability in ESXi by VMware
CVE-2021-21974

8.8HIGH

Key Information:

Vendor
Vmware
Status
Vmware Esxi
Vmware Cloud Foundation
Vendor
CVE Published:
24 February 2021

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 90%

Summary

The OpenSLP service in VMware ESXi contains a heap overflow vulnerability that could allow an attacker within the same network segment to execute arbitrary code. By sending specially crafted packets to port 427, an unauthorized actor may exploit this flaw, potentially compromising the entire system. Users are advised to update their ESXi installations to mitigate this risk.

Affected Version(s)

VMware Cloud Foundation 4.x before 4.2 and 3.x

VMware ESXi 7.0 before ESXi70U1c-17325551

VMware ESXi 6.7 before ESXi670-202102401-SG

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-21974
Created by Shadow0ps

ESXi-Ransomware-Scanner-mi
Created by CYBERTHREATANALYSIS

Feb2023-CVE-2021-21974-OSINT
Created by n2x4

References

https://www.vmware.com/security/advisories/VMSA-2021-0002...
x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-21-250/
x_refsource_MISC
http://packetstormsecurity.com/files/162957/VMware-ESXi-O...
x_refsource_MISC

EPSS Score

90% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.