CVE-2021-21974
🟠 Łataj w tym tygodniu
Przepełnienie sterty w OpenSLP w ESXi umożliwia zdalne wykonanie kodu.
CVSS
8.8
EPSS
55.7%
Exploit
poc
Vendor
vmware
Opis źródłowy (NVD)
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
exploit rce
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 8.8 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 55.7% |
| Opublikowano (NVD) | 2021-02-24 17:15:16 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-02 21:16:24 UTC |
Referencje
- http://packetstormsecurity.com/files/162957/VMware-ESXi-OpenSLP-Heap-Overflow.html (security@vmware.com) [Exploit, Third Party Advisory, VDB Entry]
- https://www.vmware.com/security/advisories/VMSA-2021-0002.html (security@vmware.com) [Vendor Advisory]
- https://www.zerodayinitiative.com/advisories/ZDI-21-250/ (security@vmware.com) [Third Party Advisory, VDB Entry]