OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HVMware Cloud Foundation
APPVmware3.0 – 3.10.1.2 (bez)4.0 – 4.1.0.1 (bez)VMware ESXi
OSVmware6.56.77.0.0
CISA KEV — detailsi
- Vendori
- VMware ↗
- Producti
- ESXi
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- May 3, 2022(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.
Related vulnerabilities
VMware ESXi/Workstation: TOCTOU umożliwia ucieczkę z VM przez VMX process
VMware vCenter Server — heap-overflow w DCERPC umożliwia RCE
Heap overflow w VMware vCenter Server via protokół DCERPC — RCE
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor...