CVE-2021-21974

Vulnerability Profile Updated a month ago
CVE-2021-21974 is a heap-overflow vulnerability in the OpenSLP service of VMware ESXi. The flaw allows an attacker to execute arbitrary code and take control of the affected host, which makes it a significant threat to organizations that run VMware ESXi for their virtual infrastructure.

The vulnerability was exploited in a global ransomware campaign against ESXi servers that combined it with an older 2020 flaw (CVE-2020-3992) to deploy a new ransomware strain named ESXiArgs. The campaign was first flagged by the French Computer Emergency Response Team (CERT-FR) on February 3rd and has since compromised over 3,200 servers in countries including Canada, France, Finland, Germany, and the US. The primary method of compromise was an exploit for the two-year-old remote code execution (RCE) vulnerability CVE-2021-21974 in the hypervisor's Open Service Location Protocol (OpenSLP) service.

The ESXiArgs variant was observed exploiting a vulnerability for which a patch had already been available for two years. That it could still be exploited at scale shows how difficult organizations find it to keep systems up to date and maintain secure IT environments. Several agencies, including the US Cybersecurity and Infrastructure Security Agency (CISA) and France's CERT-FR, have confirmed that the ESXiArgs campaign exploited this 2021 vulnerability. Given the popularity and wide use of VMware products, customers are advised to upgrade to the latest supported releases of vSphere components to address known vulnerabilities.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Esxi
Ransomware
Esxiargs
Vmware
Vulnerability
Vmware’s
Exploit
RCE (Remote ...
Remote Code ...
exploited
Hypervisor
Exploits
Crowdstrike
Malware
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
CVE-2019-5544 (type: Unspecified, votes: 1): CVE-2019-5544 is a significant vulnerability involving a flaw in the software design or implementation of VMware's OpenSLP service. This vulnerability, known as a heap buffer overflow, can potentially allow an attacker to execute arbitrary code on the server and compromise the system. OpenSLP (Servi
CVE-2020-3992 (type: Unspecified, votes: 1): None
Source Document References
Information about the CVE-2021-21974 vulnerability was read from the documents corpus below. This display is limited to 20 results.
CERT-EU (a year ago): ESXiArgs ransomware has infected hundreds of new targets in Europe, researchers say | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security
CERT-EU (a year ago): Technical Advisory : Immediately Patch Your VMware ESXi Servers Targeted by Opportunistic Threat Actors – Global Security Mag Online
CERT-EU (a year ago): [Information Security Daily] February 7, 2023: Ransomware attacks VMware ESXi at Italian organizations; Chinese hacking group distributes PlugX malware under the guise of the EU
CERT-EU (a year ago): Ransomware scum attack old VMWare ESXi vulnerability
DARKReading (a year ago): Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualization Risks
BankInfoSecurity (a year ago): Massive Ransomware Campaign Targets VMware ESXi Servers
InfoSecurity-magazine (a year ago): CISA Releases Recovery Tool for VMware Ransomware Victims
DARKReading (a year ago): 'MichaelKors' Showcases Ransomware's Fashionable VMware ESXi Hypervisor Trend
CERT-EU (a year ago): ICBroker Exchange Deflects Recent Ransomware Attacks, Shares Tips to Avoid Similar Incidents | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security
DARKReading (a year ago): Global Ransomware Attack on VMware EXSi Hypervisors Continues to Spread
CERT-EU (a year ago): ESXiArgs Campaign Snares At Least 2,803 Victims | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security
Securityaffairs (a year ago): Italy, France and Singapore Warn of a Spike in ESXI Ransomware
CERT-EU (a year ago): ESXiArgs Ransomware Campaign Facilitated by Exploiting VMware Vulnerability
CERT-EU (a year ago): Cyber security week in review: February, 10
Checkpoint (a year ago): 6th February – Threat Intelligence Report - Check Point Research
Securityaffairs (a year ago): US CISA releases a script to recover servers infected with ESXiArgs ransomware
Securityaffairs (a year ago): VMware has no evidence of zero-day exploitation in ESXiArgs ransomware attacks
Malwarebytes (a year ago): Two year old vulnerability used in ransomware attack against VMware ESXi
Securityaffairs (a year ago): Italian ACN warns ransomware campaign targeting VMware ESXi
CERT-EU (a year ago): Cybersecurity threatscape: Q1 2023