Denial-of-Service Vulnerability in OpenSLP of VMware ESXi
CVE-2021-21995

7.5HIGH

Key Information:

Vendor: Vmware
Status: Vmware Esxi And Vmware Cloud Foundation
Vendor: CVE Published:; 13 July 2021

Summary

A vulnerability exists in the OpenSLP service used in VMware ESXi that may allow a malicious actor with access to network port 427 to exploit a heap out-of-bounds read. This exploitation could lead to a denial-of-service condition, potentially disrupting the availability of the affected ESXi host.

Affected Version(s)

VMware ESXi and VMware Cloud Foundation VMware ESXi(7.0 before ESXi70U2-17630552, 6.7 before ESXi670-202103101-SG, 6.5 before ESXi650-202107401-SG) and VMware Cloud Foundation (4.x, 3.x before 3.10.2)

References

https://www.vmware.com/security/advisories/VMSA-2021-0014...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
Jan 4, 2021