CVE-2021-21974:

Heap Overflow Vulnerability in VMware ESXi OpenSLP Service

Score
A numerical rating that indicates how dangerous this vulnerability is.

8.8High

Published Date:Feb 24, 2021
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:55.0
EPSS Percentile:98%

Exploitability

Score:2.8
Attack Vector:ADJACENT_NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Heap Overflow Vulnerability in VMware ESXi OpenSLP Service

Overview

The vulnerability (CWE-787: Out-of-bounds Write) exists in the OpenSLP (Service Location Protocol) service used by VMware ESXi. OpenSLP is a service discovery protocol that allows computers and other devices to find services in a local area network. When exploited, this heap overflow vulnerability could allow a malicious actor to execute arbitrary code with the privileges of the OpenSLP service on the ESXi host. Since the service typically runs with elevated privileges, successful exploitation could lead to complete compromise of the affected system. An attacker must have network access to port 427 on the ESXi host to exploit this vulnerability, but no authentication is required.

Remediation

VMware has released patches to address this vulnerability. Organizations should update to the following versions or later:
ESXi 7.0: Update to ESXi70U1c-17325551 or later
ESXi 6.7: Update to ESXi670-202102401-SG or later
ESXi 6.5: Update to ESXi650-202102101-SG or later
If patching is not immediately possible, consider implementing the following mitigations:
1. Disable the OpenSLP service if it is not required in your environment
2. Implement network segmentation to restrict access to port 427
3. Use firewall rules to limit access to the ESXi management interfaces, including port 427
4. Monitor for suspicious network traffic targeting port 427