Advisory
06 Feb 2023
Background
A new wave of ransomware attacks targeting VMware ESXi hypervisors is exploiting CVE-2021-21974, a known vulnerability, on unpatched systems. The flaw is a heap overflow in the OpenSLP (Service Location Protocol) service that ESXi exposes on TCP/UDP port 427: an unauthenticated attacker who can reach that port on the host's network segment can trigger it to achieve remote code execution on the hypervisor. VMware published fixes for this issue in February 2021 (VMSA-2021-0002), so the hosts being hit have been unpatched for roughly two years.
Impact
Unauthenticated remote code execution on the hypervisor. In this campaign the payload is ransomware that encrypts virtual machine files on the host's datastores, so every VM on an affected host becomes unavailable, with possible loss and leakage of data.
Affected Versions
- ESXi 7.x versions earlier than ESXi70U1c-17325551
- ESXi versions 6.7.x earlier than ESXi670-202102401-SG
- ESXi versions 6.5.x earlier than ESXi650-202102101-SG
Recommendations
- Upgrade to the latest version of ESXi; ESXi 7.0 Update 2c and later ship with the SLP service disabled by default.
- Apply all patches available for the ESXi hypervisor; for this CVE the fixed builds are the ones listed under Affected Versions, and the running build can be checked with `esxcli system version get`.
- Disable the OpenSLP service (VMware KB 76372) unless something on the network genuinely depends on it. If it must stay enabled, restrict access to TCP/UDP port 427 to trusted IP addresses with the ESXi firewall, and never expose the ESXi management interface directly to the internet.
- Perform a system scan to detect any signs of compromise before trusting a host again: patching closes the entry point but does not remove an attacker who is already on the hypervisor.
- Regularly back up data and test restores. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides (offline or immutable backups), since ransomware that runs on the hypervisor can reach every datastore the host can.
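The patch-level check and the SLP hardening step above, as an added example (not code from the advisory or from VMware). It compares an ESXi version/build pair against the fixed builds listed under Affected Versions and, when run on a real host, applies the KB 76372 steps. The 7.0 U1c build number (17325551) comes from the advisory's own patch identifier; the 6.7 and 6.5 build numbers are taken from VMware's February 2021 patch release notes and should be verified against VMSA-2021-0002 before relying on them. The sample `esxcli` output is constructed.

```shell
#!/bin/sh
# Added example: CVE-2021-21974 patch-level check and SLP hardening for ESXi.
# Not part of the advisory or of VMware's tooling.

# Minimum builds that contain the fix, per branch.
MIN_BUILD_70=17325551   # ESXi70U1c-17325551 (from the advisory)
MIN_BUILD_67=17499825   # ESXi670-202102001, verify against VMSA-2021-0002
MIN_BUILD_65=17477841   # ESXi650-202102001, verify against VMSA-2021-0002

# Usage: esxi_build_is_patched <version> <build>
# Returns 0 when the build contains the fix (or the branch is not in the
# affected list), 1 when the host is still vulnerable, 2 on bad input.
esxi_build_is_patched() {
    version="$1"; build="$2"
    case "$build" in
        ''|*[!0-9]*) echo "bad build number: '$build'" >&2; return 2 ;;
    esac
    case "$version" in
        7.0*) min="$MIN_BUILD_70" ;;
        6.7*) min="$MIN_BUILD_67" ;;
        6.5*) min="$MIN_BUILD_65" ;;
        *)    return 0 ;;   # 8.x and other branches are not listed as affected
    esac
    [ "$build" -ge "$min" ]
}

# Pulls "<version> <build>" out of `esxcli system version get` output,
# whose Build line has the form "Build: Releasebuild-NNNNNNNN".
parse_esxcli_version() {
    version=$(printf '%s\n' "$1" | sed -n 's/^ *Version: *//p')
    build=$(printf '%s\n' "$1" | sed -n 's/^ *Build: *Releasebuild-//p')
    printf '%s %s\n' "$version" "$build"
}

# Hardening per VMware KB 76372: stop slpd, block the CIMSLP firewall
# ruleset (TCP/UDP 427) and keep the service off across reboots.
# Only runs on a real ESXi host; elsewhere it reports and returns 1.
disable_slp() {
    if ! command -v esxcli >/dev/null 2>&1; then
        echo "esxcli not found; run disable_slp on the ESXi host" >&2
        return 1
    fi
    /etc/init.d/slpd stop
    esxcli network firewall ruleset set -r CIMSLP -e 0
    chkconfig slpd off
}

# Constructed sample: what `esxcli system version get` prints on an
# unpatched 7.0 Update 1 host (build 17168206 predates 7.0 U1c).
SAMPLE_OUTPUT='   Product: VMware ESXi
   Version: 7.0.1
   Build: Releasebuild-17168206
   Update: 1
   Patch: 25'

set -- $(parse_esxcli_version "$SAMPLE_OUTPUT")
if esxi_build_is_patched "$1" "$2"; then
    echo "ESXi $1 build $2: fix for CVE-2021-21974 present"
else
    echo "ESXi $1 build $2: VULNERABLE - patch, then run disable_slp"
fi
```

On a live host, replace the constructed sample with `SAMPLE_OUTPUT=$(esxcli system version get)` and call `disable_slp` after confirming nothing on the network relies on SLP. The version check is only a guard against the original bug; it says nothing about whether the host has already been compromised.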
References