# N/A
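## Vulnerability Overview
A heap overflow vulnerability in the OpenSLP service can lead to remote code execution. The vulnerability affects specific versions of the ESXi software.
## Affected Versions
- ESXi 7.0: versions before ESXi70U1c (17325551)
- ESXi 6.7: versions before ESXi670 (202102401-SG)
- ESXi 6.5: versions before ESXi650 (202102101-SG)
## Vulnerability Details
The heap overflow in the OpenSLP service can be triggered by a malicious actor on the same network segment who can reach port 427. The attacker needs access to port 427 from within the same network segment as the affected ESXi host.
## Impact
By triggering the heap overflow in the OpenSLP service, a malicious actor may achieve remote code execution.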
| # | POC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | POC for CVE-2021-21974 VMWare ESXi RCE Exploit | https://github.com/Shadow0ps/CVE-2021-21974 | POC details |
| 2 | Analysis of the ransom demands from Shodan results | https://github.com/n2x4/Feb2023-CVE-2021-21974-OSINT | POC details |
| 3 | ESXi EZ - A custom scanner that takes list of IPs either in JSON, CSV or individually and checks for infection CVE-2021-21974 | https://github.com/CYBERTHREATANALYSIS/ESXi_ransomware_scanner | POC details |
| 4 | Nmap NSE script for cve-2021-21974 | https://github.com/hateme021202/cve-2021-21974 | POC details |
| 5 | ESXi EZ - A custom scanner that takes list of IPs either in JSON, CSV or individually and checks for infection CVE-2021-21974 | https://github.com/CYBERTHREATANALYSIS/ESXi-Ransomware-Scanner-mi | POC details |
| 6 | None | https://github.com/mercylessghost/CVE-2021-21974 | POC details |
| 7 | CVE-2021-21974 Vulnerability Detection Tool Safe PoC that identifies vulnerable SLP implementations without exploitation | https://github.com/abirasecurity/CVE-2021-21974_vuln_dectection | POC details |