CSIRTs Network - ESXiArgs ransomware (CVE-2021-21974)

| | |
|---|---|
| Date | 7-2-2023 |
| Number | CNW-2023-01 |
| Keywords | VMware ESXiArgs ransomware |
| CVE | CVE-2021-21974 |
| Details | ESXiArgs ransomware was recently reported exploiting CVE-2021-21974, a critical privilege escalation vulnerability in the VMware ESXi OpenSLP service (typically running on port 427) that can lead to remote code execution (RCE). It infected hundreds of vulnerable ESXi servers worldwide in early February 2023. Most of the affected organizations were using ESXi servers rented from cloud providers. |
| Mitigation | To mitigate attacks, organizations running VMware servers are advised to patch ESXi servers, move to a version not affected by the attacks (such as v8), or disable the OpenSLP service. For additional details, please refer to the specific CNW member advisories referenced below. |

List of CSIRTs Network member alerts

| Country | Organisation | Language | Warning |
|---|---|---|---|
| AT | CERT.at | DE | Massive VMware ESXi Verschlüsselungs-Welle |
| BE | CERT.be | EN | Warning - Attackers are actively exploiting VMware ESXi servers to deploy ransomware |
| BG | CERT Bulgaria | BG | |
| CZ | CSIRT.CZ | CS | |
| CZ | GovCERT.CZ | CS | |
| CY | CSIRT-CY | EN | |
| DE | CERT-Bund | DE | Schwachstelle in VMware ESXi weltweit massiv ausgenutzt |
| DK | CFCS | DA | |
| EE | CERT-EE | EE | |
| ES | CCN-CERT | ES | CCN-CERT AV 01/23 Campaña de explotación de vulnerabilidades de Vmware ESXi |
| ES | INCIBE | ES | |
| EU | CERT-EU | EN | |
| FI | NCSC-FI | FI | Haavoittuvuuksia VMwaren tuotteissa - päivitä heti |
| FR | CERT-FR | FR | Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi |
| GR | GR-CSIRT | EL | |
| HR | CERT.hr | HR | [UPOZORENJE] Iskorištavanje ranjivosti VMware ESXi hipervizora za ransomware napade |
| HR | CERT ZSIS | HR | |
| HU | NCSC-HU | HU | VMwre ESXi szerverek elleni tömeges zsarolóvírus támadásokról érkezett figyelmeztetés |
| IE | CSIRT-IE | EN | |
| IT | CSIRT-ITA | IT | Rilevato lo sfruttamento massivo della CVE-2021–21974 in VMWare ESXi |
| LT | CERT-LT | LT | |
| LU | CIRCL | EN | |
| MT | CSIRTMalta | EN | |
| NL | NCSC-NL | NL | Oude kwetsbaarheid in VMWare ESXi actief misbruikt |
| NL | CSIRT-DSP | NL | |
| PL | CERT.PL | PL | |
| PT | CERT.PT | PT | Alerta de Vulnerabilidades - VMware ESXi |
| RO | CERT-RO | RO | Alertă de vulnerabilitate - VMware ESXi |
| SE | CERT-SE | SV | |
| SI | SI-CERT | SL | |
| SK | SK-CERT | SK | |

For more information on the CSIRTs Network Members please visit https://csirtsnetwork.eu/