
Advisory Type: IT Security
Severity: Critical

PDS (a Converge Company) is providing the following communication to build awareness of critical vulnerabilities affecting VMware ESXi installations.

On February 3, 2023, the French Computer Emergency Response Team (CERT-FR) published a security advisory warning of widespread ransomware attacks leveraging a remote code execution vulnerability in the VMware ESXi OpenSLP service.

The heap overflow issue in the OpenSLP service was identified in February 2021 and is tracked by VMware as CVE-2021-21974. The vulnerability is being exploited to deploy a new ransomware, ESXiArgs, on unpatched systems.

The following VMware ESXi versions are vulnerable:

  • ESXi versions 7.x prior to ESXi70U1c-17325551
  • ESXi versions 6.7.x prior to ESXi670-202102401-SG
  • ESXi versions 6.5.x prior to ESXi650-202102101-SG

Unpatched systems are highly vulnerable to this low-complexity attack.

VMware has released updates that address this vulnerability. Links to patches and additional information are available in the advisories.

We strongly advise customers to review the VMware advisory and patch all vulnerable VMware products. Converge/PDS Architects are available to assist with assessment and mitigation; your Account Director can help arrange support for this issue.