ESXiArgs Ransomware Targets ESXi OpenSLP Vulnerability (CVE-2021-21974)

February 8, 2023

VMware ESXi servers vulnerable to a heap-overflow defect in OpenSLP are being actively targeted. Successful attacks leave systems infected with ESXiArgs ransomware. The flaw is tracked as CVE-2021-21974.

CERT-FR notes that CVE-2021-21974 affects the following systems:

- ESXi 7.x versions earlier than ESXi70U1c-17325551
- ESXi 6.7.x versions earlier than ESXi670-202102401-SG
- ESXi 6.5.x versions earlier than ESXi650-202102101-SG

CERT-FR recommends applying the workaround without delay. It consists of disabling the SLP service on ESXi hypervisors that have not been updated.
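One way to triage a host against the list above, as an added example (not code from CERT-FR or VMware). The function names, the `installed_bulletins` input (assumed to come from your patch-management records) and the sample outputs are assumptions constructed for illustration; the 6.x check looks only for the exact bulletin IDs named in the advisory.

```python
import re

# Fixed releases as listed in the advisory. Only the 7.x entry carries a
# build number; the 6.x entries are patch bulletin IDs.
FIXED_7X_BUILD = 17325551
FIXED_BULLETIN = {"6.7": "ESXi670-202102401-SG", "6.5": "ESXi650-202102101-SG"}

def parse_version_output(text):
    """Parse `esxcli system version get` output into (version, build)."""
    fields = dict(
        (k.strip(), v.strip())
        for k, v in (line.split(":", 1) for line in text.splitlines() if ":" in line)
    )
    match = re.search(r"(\d+)$", fields.get("Build", ""))
    if "Version" not in fields or match is None:
        raise ValueError("unrecognised version output")
    return fields["Version"], int(match.group(1))

def triage(version_output, slpd_running, installed_bulletins=()):
    """Return 'patched', 'workaround-applied' or 'disable-slp-now' for one host."""
    version, build = parse_version_output(version_output)
    branch = ".".join(version.split(".")[:2])
    if version.startswith("7."):
        patched = build >= FIXED_7X_BUILD
    elif branch in FIXED_BULLETIN:
        # Hypothetical input: bulletin IDs recorded as installed on this host.
        patched = FIXED_BULLETIN[branch] in installed_bulletins
    else:
        raise ValueError(f"branch {branch} is not covered by the advisory")
    if patched:
        return "patched"
    # Unpatched hosts are only acceptable with the SLP service disabled.
    return "disable-slp-now" if slpd_running else "workaround-applied"

# Constructed sample outputs in the layout printed by `esxcli system version get`.
SAMPLE_7X_OLD = "   Product: VMware ESXi\n   Version: 7.0.1\n   Build: Releasebuild-16850804\n"
SAMPLE_7X_FIXED = "   Product: VMware ESXi\n   Version: 7.0.1\n   Build: Releasebuild-17325551\n"
SAMPLE_67 = "   Product: VMware ESXi\n   Version: 6.7.0\n   Build: Releasebuild-10000000\n"

if __name__ == "__main__":
    print(triage(SAMPLE_7X_OLD, slpd_running=True))
    print(triage(SAMPLE_67, slpd_running=False))
```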