start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
Select Page

The news media is reporting ransomware attacks using vulnerable VMware ESXi hypervisors exploiting CVE-2021-21974. Attack campaigns are targeting unpatched and internet-exposed instances using CVE-2021–21974, a VMware ESXi OpenSLP HeapOverflow leading to a remote code execution (RCE).

The attack campaigns appear to be exploiting CVE-2021-21974 for which a patch has been available since February 23, 2021. Systems running ESXi versions 7.0, 6.7 and 6.5 are currently being targeted and pose the greatest threat.

What is CVE-2021-21974? In VMware’s advisory, VMSA-2021-0002  for describes CVE-2021-21974 (CVSS 8.8) as letting a “malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

What should organizations do?

  1. Identify which ESXi servers are vulnerable in your environment.
  2. As an interim solution, system administrators should ensure unpatched ESXi servers are firewalled, with no ports exposed. VMWare is urging users to stop the SLP service on the ESXi host or restrict access to only trusted IP addresses (
  3. Apply the latest security patch for ESXi as soon as possible.
  4. Immediate report any related security incident to CISA or the FBI.

How can BigFix help?

Organizations using BigFix have the most effective tool for finding vulnerable ESXi systems and remediating CVE-2021-21974. BigFix automates discovery, management, and remediation of all endpoints whether on-premises, mobile, virtual, or in the cloud – regardless of the operating system, location, or connectivity. BigFix Insights for Vulnerability Remediation integrates with leading vulnerability management solutions like Tenable to remediate vulnerabilities faster than any other solution in the market. For more information about HCLBigFix.

Comment wrap
Automation | September 6, 2023
BigFix Runbook AI Enables Organizations to Streamline IT Operations and Improve Productivity
Come check out how BigFix’s new Runbook AI feature enables organizations to streamline their IT operations and improve productivity.
Automation | August 4, 2023
Using Threat Intelligence for Proactive Protection
Learn how organizations can proactively combine the power of automation with reliable threat intelligence to keep cyber threats at bay.
Automation | August 4, 2023
Genuine Parts Company and ESM Technology Inc Develops Innovative Visibility and Analytics Solution Using BigFix
Read the blog and learn how Genuine Parts Company and ESM Technology Inc develops innovative visibility and analytics solution using BigFix