CVE-2021-21974 Report - Details, Severity, & Advisories

Twingate Team

Dec 19, 2023

CVE-2021-21974 is a high-severity heap-overflow vulnerability affecting OpenSLP in certain versions of ESXi. A malicious actor within the same network segment as ESXi, with access to port 427, can exploit this vulnerability to achieve remote code execution. Systems running specific versions of ESXi are at risk, and users are advised to apply updates to address the issue. The vulnerability was discovered by Lucas Leong of Trend Micro's Zero Day Initiative and has a CVSS 3.x base score of 8.8.

How do I know if I'm affected?

To determine if you're affected by the vulnerability, you'll need to check if you're using VMware ESXi and if it's one of the affected versions. Vulnerable versions include ESXi 6.5, 6.7, and 7.0.0, as well as VMware Cloud Foundation versions from 3.0 to 4.2. If your system is running one of these versions, you may be at risk. For more information, refer to the VMware Security Advisory.
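As an added example (not Twingate's or VMware's code), the check described above can be run across an inventory: parse each host's `vmware -v` banner, match it against the product lines this page lists, and flag hosts where port 427 is reachable from the machine running the script. The function names, status strings and inventory entries are assumptions made for illustration; the build numbers and addresses are constructed.

```python
import re
import socket

# Affected lines exactly as this page lists them. The page gives no fixed build
# numbers, so a match means "confirm against the VMware advisory", not "vulnerable".
AFFECTED_ESXI = ("6.5", "6.7", "7.0.0")
VCF_RANGE = ((3, 0), (4, 2))  # inclusive

def parse_banner(banner):
    """Extract (version, build) from `vmware -v` style output."""
    m = re.search(r"VMware ESXi (\d+(?:\.\d+){1,2})(?: build-(\d+))?", banner)
    return (m.group(1), m.group(2)) if m else None

def esxi_listed(version):
    # Compare whole dotted components so "6.50" is not mistaken for "6.5".
    parts = version.split(".")
    return any(parts[:len(a.split("."))] == a.split(".") for a in AFFECTED_ESXI)

def vcf_listed(version):
    major_minor = tuple(int(p) for p in version.split(".")[:2])
    return VCF_RANGE[0] <= major_minor <= VCF_RANGE[1]

def slp_reachable(host, port=427, timeout=2.0):
    """TCP connect test from where this script runs; SLP also listens on UDP 427."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(host, banner, probe=slp_reachable):
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"
    if not esxi_listed(parsed[0]):
        return "not-listed"
    return "listed, port 427 reachable" if probe(host) else "listed"

# Constructed inventory (documentation addresses, made-up build numbers).
INVENTORY = {
    "192.0.2.10": "VMware ESXi 6.7.0 build-1111111",
    "192.0.2.11": "VMware ESXi 7.0.0 build-2222222",
    "192.0.2.12": "VMware ESXi 8.0.1 build-3333333",
}

if __name__ == "__main__":
    for host, banner in INVENTORY.items():
        print(host, triage(host, banner))
```

A result of "not-listed" only means the version is outside the lines named on this page; the VMware Security Advisory remains the authority on which builds are fixed.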

What should I do if I'm affected?

If you're affected by the CVE-2021-21974 vulnerability, follow these steps: 1) Update your VMware ESXi installation to the latest version, 2) Apply necessary patches and updates, and 3) Disable the OpenSLP service if not in use. By doing so, you'll mitigate the risk and protect your system from potential attacks.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2021-21974 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This high-severity issue, found in certain versions of VMware ESXi, allows attackers to execute arbitrary code without authentication by exploiting a heap-overflow in OpenSLP. To protect your system, it's crucial to update your VMware ESXi installation and apply necessary patches.

Weakness enumeration

This vulnerability is classified as CWE-787, an out-of-bounds write, in OpenSLP as used by VMware ESXi. This flaw allows attackers within the same network segment to execute arbitrary code without authentication.

For more details

The CVE-2021-21974 vulnerability poses a significant risk to affected VMware ESXi installations. To ensure the security of your system, it's crucial to apply the necessary updates and follow recommended mitigation steps. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
