HCL SW Blogs

News media are reporting ransomware attacks against vulnerable VMware ESXi hypervisors that exploit CVE-2021-21974. The campaigns target unpatched, internet-exposed ESXi instances using CVE-2021-21974, a heap overflow in the ESXi OpenSLP service that leads to remote code execution (RCE).

The attack campaigns appear to exploit CVE-2021-21974, for which VMware has had a patch available since February 23, 2021. Hosts running unpatched ESXi 7.0, 6.7 and 6.5 are the ones currently being targeted and are at the greatest risk.

What is CVE-2021-21974? VMware's advisory VMSA-2021-0002 describes CVE-2021-21974 (CVSSv3 base score 8.8) as follows: a "malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution." Any host whose OpenSLP port (427, TCP and UDP) is reachable from an untrusted network meets that precondition, which is why internet-exposed hypervisors are the ones being hit.

What should organizations do?

  1. Identify which ESXi hosts in your environment are vulnerable: unpatched 7.0, 6.7 or 6.5 builds with the SLP service reachable on port 427.
  2. As an interim measure, ensure unpatched ESXi hosts are firewalled, with no management ports exposed to untrusted networks. VMware urges administrators to stop the SLP service on the ESXi host, or to restrict access to port 427 to trusted IP addresses only (https://kb.vmware.com/s/article/76372).
  3. Apply the latest ESXi security patch as soon as possible.
  4. Report any related security incident promptly to CISA or the FBI.
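The following script is an added example, not code from this post, from BigFix or from VMware, showing steps 1 and 2 as a single host triage: it reads the text that `esxcli system version get` and `esxcli network firewall ruleset list` print on an ESXi host, decides whether the build predates the fix and whether the SLP firewall ruleset is still open, and prints the interim mitigation commands from VMware KB 76372. The sample command outputs are constructed so the script runs offline; in practice you would capture them over SSH from each host. The fixed build numbers in `fixed_build_for` are taken from the VMSA-2021-0002 patch listing and should be confirmed against the advisory before the script is used for real decisions.

```shell
#!/bin/sh
# Added example (not code from the HCL post, BigFix or VMware): triage one ESXi
# host for CVE-2021-21974 from the text that `esxcli system version get` and
# `esxcli network firewall ruleset list` print, then show the KB 76372 interim
# mitigation. Sample outputs are constructed so this runs offline; the fixed
# build numbers are taken from the VMSA-2021-0002 patch listing and should be
# confirmed against the advisory before use in production.

# First build of each ESXi line that carries the OpenSLP fix (VMSA-2021-0002).
fixed_build_for() {
  case "$1" in
    7.0*) echo 17325551 ;;   # ESXi70U1c-17325551
    6.7*) echo 17499825 ;;   # ESXi670-202102401-SG
    6.5*) echo 17477841 ;;   # ESXi650-202102101-SG
    *)    echo 0 ;;          # end-of-life or unknown line: treat as unpatched
  esac
}

# Reads `esxcli system version get` output on stdin; prints "<version> <build>".
# The Build line looks like "   Build: Releasebuild-17167734".
parse_version_output() {
  awk '/^ *Version:/ { v = $2 }
       /^ *Build:/   { b = $2; sub(/^Releasebuild-/, "", b) }
       END { print v, b }'
}

# True (exit 0) when the host build predates the fixed build for its line.
is_vulnerable_build() {   # $1 = version string, $2 = numeric build
  fixed=$(fixed_build_for "$1")
  [ "$fixed" -eq 0 ] && return 0
  [ "$2" -lt "$fixed" ]
}

# True when the CIMSLP ruleset is enabled in `esxcli network firewall ruleset list`
# output on stdin, i.e. port 427 is still open on the ESXi firewall.
slp_ruleset_enabled() {
  awk '$1 == "CIMSLP" && $2 == "true" { open = 1 } END { exit !open }'
}

# Prints one verdict word followed by detail; always exits 0 so it can drive a loop.
triage() {   # $1 = version output, $2 = ruleset output
  vb=$(printf '%s\n' "$1" | parse_version_output)
  ver=${vb%% *}; build=${vb#* }
  if ! is_vulnerable_build "$ver" "$build"; then
    echo "PATCHED ESXi $ver build $build"
  elif printf '%s\n' "$2" | slp_ruleset_enabled; then
    echo "VULNERABLE ESXi $ver build $build (< $(fixed_build_for "$ver")), CIMSLP ruleset enabled"
  else
    echo "UNPATCHED ESXi $ver build $build, but CIMSLP ruleset already disabled"
  fi
}

# Interim mitigation from VMware KB 76372, printed here rather than executed.
print_slp_mitigation() {
  cat <<'EOF'
/etc/init.d/slpd stop                              # stop the SLP daemon now
esxcli network firewall ruleset set -r CIMSLP -e 0 # close 427/tcp+udp on the ESXi firewall
chkconfig slpd off                                 # keep slpd from starting at boot
EOF
}

# Constructed sample outputs: an ESXi 6.7 host on a pre-fix build with SLP open.
SAMPLE_VERSION='   Product: VMware ESXi
   Version: 6.7.0
   Build: Releasebuild-17167734
   Update: 3
   Patch: 130'
SAMPLE_RULESETS='Name                 Enabled
-------------------  -------
sshServer            true
CIMSLP               true'

verdict=$(triage "$SAMPLE_VERSION" "$SAMPLE_RULESETS")
echo "$verdict"
case "$verdict" in VULNERABLE*) print_slp_mitigation ;; esac
```

Run against the constructed sample the script reports the host as VULNERABLE and prints the three KB 76372 commands; feed it the real command output from each host and only the VULNERABLE ones need the stop-gap before the patch in step 3 is applied. Stopping slpd removes the attack surface, but it is not a substitute for patching: the vulnerable OpenSLP binary stays on disk until the fixed build is installed.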

How can BigFix help?

Organizations using BigFix have an effective tool for finding vulnerable ESXi systems and remediating CVE-2021-21974. BigFix automates discovery, management and remediation of all endpoints, whether on-premises, mobile, virtual or in the cloud, regardless of operating system, location or connectivity. BigFix Insights for Vulnerability Remediation integrates with leading vulnerability management solutions such as Tenable so that the vulnerabilities those scanners find can be remediated faster. For more information, see HCL BigFix.
