Lucene search
HistoryFeb 24, 2021 - 5:15 p.m.
CVE-2021-21974
5.8 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.912 High
EPSS
Percentile
98.9%
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
Affected configurations
Node
vmwarecloud_foundationRange3.0โ3.10.1.2
ORvmwarecloud_foundationRange4.0โ4.2
Node
vmwareesxiMatch6.5-
ORvmwareesxiMatch6.52
ORvmwareesxiMatch6.5650-201701001
ORvmwareesxiMatch6.5650-201703001
ORvmwareesxiMatch6.5650-201703002
ORvmwareesxiMatch6.5650-201704001
ORvmwareesxiMatch6.5650-201707101
ORvmwareesxiMatch6.5650-201707102
ORvmwareesxiMatch6.5650-201707103
ORvmwareesxiMatch6.5650-201707201
ORvmwareesxiMatch6.5650-201707202
ORvmwareesxiMatch6.5650-201707203
ORvmwareesxiMatch6.5650-201707204
ORvmwareesxiMatch6.5650-201707205
ORvmwareesxiMatch6.5650-201707206
ORvmwareesxiMatch6.5650-201707207
ORvmwareesxiMatch6.5650-201707208
ORvmwareesxiMatch6.5650-201707209
ORvmwareesxiMatch6.5650-201707210
ORvmwareesxiMatch6.5650-201707211
ORvmwareesxiMatch6.5650-201707212
ORvmwareesxiMatch6.5650-201707213
ORvmwareesxiMatch6.5650-201707214
ORvmwareesxiMatch6.5650-201707215
ORvmwareesxiMatch6.5650-201707216
ORvmwareesxiMatch6.5650-201707217
ORvmwareesxiMatch6.5650-201707218
ORvmwareesxiMatch6.5650-201707219
ORvmwareesxiMatch6.5650-201707220
ORvmwareesxiMatch6.5650-201707221
ORvmwareesxiMatch6.5650-201710001
ORvmwareesxiMatch6.5650-201712001
ORvmwareesxiMatch6.5650-201803001
ORvmwareesxiMatch6.5650-201806001
ORvmwareesxiMatch6.5650-201808001
ORvmwareesxiMatch6.5650-201810001
ORvmwareesxiMatch6.5650-201810002
ORvmwareesxiMatch6.5650-201811001
ORvmwareesxiMatch6.5650-201811002
ORvmwareesxiMatch6.5650-201811301
ORvmwareesxiMatch6.5650-201901001
ORvmwareesxiMatch6.5650-201903001
ORvmwareesxiMatch6.5650-201905001
ORvmwareesxiMatch6.5650-201908001
ORvmwareesxiMatch6.5650-201910001
ORvmwareesxiMatch6.5650-20191004001
ORvmwareesxiMatch6.5650-201911001
ORvmwareesxiMatch6.5650-201911401
ORvmwareesxiMatch6.5650-201911402
ORvmwareesxiMatch6.5650-201912001
ORvmwareesxiMatch6.5650-201912002
ORvmwareesxiMatch6.5650-201912101
ORvmwareesxiMatch6.5650-201912102
ORvmwareesxiMatch6.5650-201912103
ORvmwareesxiMatch6.5650-201912104
ORvmwareesxiMatch6.5650-201912301
ORvmwareesxiMatch6.5650-201912401
ORvmwareesxiMatch6.5650-201912402
ORvmwareesxiMatch6.5650-201912403
ORvmwareesxiMatch6.5650-201912404
ORvmwareesxiMatch6.5650-202005001
ORvmwareesxiMatch6.5650-202006001
ORvmwareesxiMatch6.5650-202007001
ORvmwareesxiMatch6.5650-202010001
ORvmwareesxiMatch6.5650-202011001
ORvmwareesxiMatch6.5650-202011002
ORvmwareesxiMatch6.5650-202102001
ORvmwareesxiMatch6.7-
ORvmwareesxiMatch6.7670-201806001
ORvmwareesxiMatch6.7670-201807001
ORvmwareesxiMatch6.7670-201808001
ORvmwareesxiMatch6.7670-201810001
ORvmwareesxiMatch6.7670-201810101
ORvmwareesxiMatch6.7670-201810102
ORvmwareesxiMatch6.7670-201810103
ORvmwareesxiMatch6.7670-201810201
ORvmwareesxiMatch6.7670-201810202
ORvmwareesxiMatch6.7670-201810203
ORvmwareesxiMatch6.7670-201810204
ORvmwareesxiMatch6.7670-201810205
ORvmwareesxiMatch6.7670-201810206
ORvmwareesxiMatch6.7670-201810207
ORvmwareesxiMatch6.7670-201810208
ORvmwareesxiMatch6.7670-201810209
ORvmwareesxiMatch6.7670-201810210
ORvmwareesxiMatch6.7670-201810211
ORvmwareesxiMatch6.7670-201810212
ORvmwareesxiMatch6.7670-201810213
ORvmwareesxiMatch6.7670-201810214
ORvmwareesxiMatch6.7670-201810215
ORvmwareesxiMatch6.7670-201810216
ORvmwareesxiMatch6.7670-201810217
ORvmwareesxiMatch6.7670-201810218
ORvmwareesxiMatch6.7670-201810219
ORvmwareesxiMatch6.7670-201810220
ORvmwareesxiMatch6.7670-201810221
ORvmwareesxiMatch6.7670-201810222
ORvmwareesxiMatch6.7670-201810223
ORvmwareesxiMatch6.7670-201810224
ORvmwareesxiMatch6.7670-201810225
ORvmwareesxiMatch6.7670-201810226
ORvmwareesxiMatch6.7670-201810227
ORvmwareesxiMatch6.7670-201810228
ORvmwareesxiMatch6.7670-201810229
ORvmwareesxiMatch6.7670-201810230
ORvmwareesxiMatch6.7670-201810231
ORvmwareesxiMatch6.7670-201810232
ORvmwareesxiMatch6.7670-201810233
ORvmwareesxiMatch6.7670-201810234
ORvmwareesxiMatch6.7670-201811001
ORvmwareesxiMatch6.7670-201901001
ORvmwareesxiMatch6.7670-201901401
ORvmwareesxiMatch6.7670-201901402
ORvmwareesxiMatch6.7670-201901403
ORvmwareesxiMatch6.7670-201903001
ORvmwareesxiMatch6.7670-201904001
ORvmwareesxiMatch6.7670-201904201
ORvmwareesxiMatch6.7670-201904201-ug
ORvmwareesxiMatch6.7670-201904202
ORvmwareesxiMatch6.7670-201904202-ug
ORvmwareesxiMatch6.7670-201904203
ORvmwareesxiMatch6.7670-201904203-ug
ORvmwareesxiMatch6.7670-201904204
ORvmwareesxiMatch6.7670-201904204-ug
ORvmwareesxiMatch6.7670-201904205
ORvmwareesxiMatch6.7670-201904205-ug
ORvmwareesxiMatch6.7670-201904206
ORvmwareesxiMatch6.7670-201904206-ug
ORvmwareesxiMatch6.7670-201904207
ORvmwareesxiMatch6.7670-201904207-ug
ORvmwareesxiMatch6.7670-201904208
ORvmwareesxiMatch6.7670-201904208-ug
ORvmwareesxiMatch6.7670-201904209
ORvmwareesxiMatch6.7670-201904209-ug
ORvmwareesxiMatch6.7670-201904210
ORvmwareesxiMatch6.7670-201904210-ug
ORvmwareesxiMatch6.7670-201904211
ORvmwareesxiMatch6.7670-201904211-ug
ORvmwareesxiMatch6.7670-201904212
ORvmwareesxiMatch6.7670-201904212-ug
ORvmwareesxiMatch6.7670-201904213
ORvmwareesxiMatch6.7670-201904213-ug
ORvmwareesxiMatch6.7670-201904214
ORvmwareesxiMatch6.7670-201904214-ug
ORvmwareesxiMatch6.7670-201904215
ORvmwareesxiMatch6.7670-201904215-ug
ORvmwareesxiMatch6.7670-201904216
ORvmwareesxiMatch6.7670-201904216-ug
ORvmwareesxiMatch6.7670-201904217
ORvmwareesxiMatch6.7670-201904217-ug
ORvmwareesxiMatch6.7670-201904218
ORvmwareesxiMatch6.7670-201904218-ug
ORvmwareesxiMatch6.7670-201904219
ORvmwareesxiMatch6.7670-201904219-ug
ORvmwareesxiMatch6.7670-201904220
ORvmwareesxiMatch6.7670-201904220-ug
ORvmwareesxiMatch6.7670-201904221
ORvmwareesxiMatch6.7670-201904221-ug
ORvmwareesxiMatch6.7670-201904222
ORvmwareesxiMatch6.7670-201904222-ug
ORvmwareesxiMatch6.7670-201904223
ORvmwareesxiMatch6.7670-201904223-ug
ORvmwareesxiMatch6.7670-201904224
ORvmwareesxiMatch6.7670-201904224-ug
ORvmwareesxiMatch6.7670-201904225
ORvmwareesxiMatch6.7670-201904225-ug
ORvmwareesxiMatch6.7670-201904226
ORvmwareesxiMatch6.7670-201904226-ug
ORvmwareesxiMatch6.7670-201904227
ORvmwareesxiMatch6.7670-201904227-ug
ORvmwareesxiMatch6.7670-201904228
ORvmwareesxiMatch6.7670-201904228-ug
ORvmwareesxiMatch6.7670-201904229
ORvmwareesxiMatch6.7670-201904229-ug
ORvmwareesxiMatch6.7670-201905001
ORvmwareesxiMatch6.7670-201906002
ORvmwareesxiMatch6.7670-201908101
ORvmwareesxiMatch6.7670-201908102
ORvmwareesxiMatch6.7670-201908103
ORvmwareesxiMatch6.7670-201908104
ORvmwareesxiMatch6.7670-201908201
ORvmwareesxiMatch6.7670-201908202
ORvmwareesxiMatch6.7670-201908203
ORvmwareesxiMatch6.7670-201908204
ORvmwareesxiMatch6.7670-201908205
ORvmwareesxiMatch6.7670-201908206
ORvmwareesxiMatch6.7670-201908207
ORvmwareesxiMatch6.7670-201908208
ORvmwareesxiMatch6.7670-201908209
ORvmwareesxiMatch6.7670-201908210
ORvmwareesxiMatch6.7670-201908211
ORvmwareesxiMatch6.7670-201908212
ORvmwareesxiMatch6.7670-201908213
ORvmwareesxiMatch6.7670-201908214
ORvmwareesxiMatch6.7670-201908215
ORvmwareesxiMatch6.7670-201908216
ORvmwareesxiMatch6.7670-201908217
ORvmwareesxiMatch6.7670-201908218
ORvmwareesxiMatch6.7670-201908219
ORvmwareesxiMatch6.7670-201908220
ORvmwareesxiMatch6.7670-201908221
ORvmwareesxiMatch6.7670-201912001
ORvmwareesxiMatch6.7670-201912101
ORvmwareesxiMatch6.7670-201912102
ORvmwareesxiMatch6.7670-201912401
ORvmwareesxiMatch6.7670-201912402
ORvmwareesxiMatch6.7670-201912403
ORvmwareesxiMatch6.7670-201912404
ORvmwareesxiMatch6.7670-201912405
ORvmwareesxiMatch6.7670-202004001
ORvmwareesxiMatch6.7670-202004002
ORvmwareesxiMatch6.7670-202004301
ORvmwareesxiMatch6.7670-202004401
ORvmwareesxiMatch6.7670-202004402
ORvmwareesxiMatch6.7670-202004403
ORvmwareesxiMatch6.7670-202004404
ORvmwareesxiMatch6.7670-202004405
ORvmwareesxiMatch6.7670-202004406
ORvmwareesxiMatch6.7670-202004407
ORvmwareesxiMatch6.7670-202004408
ORvmwareesxiMatch6.7670-202006001
ORvmwareesxiMatch6.7670-202008001
ORvmwareesxiMatch6.7670-202010001
ORvmwareesxiMatch6.7670-202011001
ORvmwareesxiMatch6.7670-202011002
ORvmwareesxiMatch6.7670-202102001
ORvmwareesxiMatch7.0.0-
ORvmwareesxiMatch7.0.0b
ORvmwareesxiMatch7.0.0update_1
ORvmwareesxiMatch7.0.0update_1a
ORvmwareesxiMatch7.0.0update_1b
Related
ibm
ibm
thn
thn
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers
2023-02-04 05:30:00
VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree
2023-02-07 10:21:00
New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
2023-02-11 13:36:00
rapid7blog
rapid7blog
Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974
2023-02-09 18:36:28
Ransomware Campaign Compromising VMware ESXi Servers
2023-02-06 15:00:57
wizblog
wizblog
attackerkb
attackerkb
CVE-2021-21974
2021-02-24 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Vmware Cloud Foundation
2023-02-04 21:23:20
redhatcve
redhatcve
CVE-2021-21974
2023-02-07 18:56:17
prion
prion
Heap overflow
2021-02-24 17:15:00
zdt
zdt
VMware ESXi OpenSLP Heap Overflow Exploit
2021-06-03 00:00:00
zdi
zdi
packetstorm
packetstorm
VMware ESXi OpenSLP Heap Overflow
2021-06-03 00:00:00
cvelist
cvelist
CVE-2021-21974
2021-02-24 16:57:33
nessus
nessus
ESXi 6.5 / 6.7 / 7.0 RCE (VMSA-2021-0002)
2021-02-25 00:00:00
cve
cve
CVE-2021-21974
2021-02-24 17:15:16
hivepro
hivepro
The ESXiArgs ransomware attack is targeting VMware ESXi servers globally
2023-02-09 06:52:24
qualysblog
qualysblog
trellix
trellix
The Bug Report โ February 2023 Edition
2023-03-01 00:00:00
checkpoint_advisories
checkpoint_advisories
VMWare OpenSLP Heap Buffer Overflow (CVE-2019-5544; CVE-2021-21974)
2020-02-26 00:00:00
seebug
seebug
ESXi OpenSLPๅ ๆบขๅบๆผๆด๏ผCVE-2021-21974๏ผ
2021-05-25 00:00:00
cisa
cisa
VMware Releases Multiple Security Updates
2021-02-24 00:00:00
vmware
vmware
threatpost
threatpost
VMWare Patches Critical RCE Flaw in vCenter Server
2021-02-24 17:14:55
malwarebytes
malwarebytes
New ESXiArgs encryption routine outmaneuvers recovery methods
2023-02-14 06:00:00
5.8 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.912 High
EPSS
Percentile
98.9%
Related for NVD:CVE-2021-21974