Description Preview
Overview
The vulnerability (CWE-787: Out-of-bounds Write) exists in the OpenSLP (Service Location Protocol) service used by VMware ESXi. OpenSLP is a service discovery protocol that allows computers and other devices to find services in a local area network. When exploited, this heap overflow vulnerability could allow a malicious actor to execute arbitrary code with the privileges of the OpenSLP service on the ESXi host. Since the service typically runs with elevated privileges, successful exploitation could lead to complete compromise of the affected system. An attacker must have network access to port 427 on the ESXi host to exploit this vulnerability, but no authentication is required.
Remediation
VMware has released patches to address this vulnerability. Organizations should update to the following versions or later:
- ESXi 7.0: Update to ESXi70U1c-17325551 or later
- ESXi 6.7: Update to ESXi670-202102401-SG or later
- ESXi 6.5: Update to ESXi650-202102101-SG or later
If patching is not immediately possible, consider implementing the following mitigations:
- Disable the OpenSLP service if it is not required in your environment
- Implement network segmentation to restrict access to port 427
- Use firewall rules to limit access to the ESXi management interfaces, including port 427
- Monitor for suspicious network traffic targeting port 427
References
- VMware Security Advisory: https://www.vmware.com/security/advisories/VMSA-2021-0002.html
- Zero Day Initiative Advisory: https://www.zerodayinitiative.com/advisories/ZDI-21-250/
- Packet Storm Security - Exploit Details: http://packetstormsecurity.com/files/162957/VMware-ESXi-OpenSLP-Heap-Overflow.html
- CWE-787: Out-of-bounds Write: https://cwe.mitre.org/data/definitions/787.html
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- ManufacturingManufacturing: Medium
- Health Care & Social AssistanceHealth Care & Social Assistance: Low
- Public AdministrationPublic Administration: Low
- Finance and InsuranceFinance and Insurance: Low
- Management of Companies & EnterprisesManagement of Companies & Enterprises: Low
- Other Services (except Public Administration)Other Services (except Public Administration): Low
- Retail TradeRetail Trade: Low
- Transportation & WarehousingTransportation & Warehousing: Low
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services: Low
- Arts, Entertainment & RecreationArts, Entertainment & Recreation: Low
- Educational ServicesEducational Services: Low
- UtilitiesUtilities: Low
- Accommodation & Food ServicesAccommodation & Food Services: Low
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services: Low
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting: Low
- ConstructionConstruction: Low
- InformationInformation: Low
- MiningMining: Low
- Real Estate Rental & LeasingReal Estate Rental & Leasing: Low
- Wholesale TradeWholesale Trade: Low
