CVE-2021-21974

Summary

OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

Affected Software

VendorProductVersion RangeStatus
n/aVMware ESXi7.0 before ESXi70U1c-17325551affected
n/aVMware ESXi6.7 before ESXi670-202102401-SGaffected
n/aVMware ESXi6.5 before ESXi650-202102101-SGaffected
n/aVMware Cloud Foundation4.x before 4.2 and 3.xaffected

Weaknesses

  • OpenSLP heap-overflow vulnerability

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References