Multiple vulnerabilities were identified in VMware products, a malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
The following systems/applications are affected:
- VMware vCenter Server version 7.0, 6.7 and 6.5
- VMware ESXi version 7.0, 6.7 and 6.5.0
VMware have released a security update to address vulnerabilities in VMware vCenter Server and VMware ESX.
For more details, please refer to:
https://www.vmware.com/security/advisories/VMSA-2021-0002.html
Matsco Solutions are currently testing the fix to ensure there are no issues with it and will be reaching out to clients running VMware to schedule updates to their environments.
Please contact the Matsco Solutions team on the below if you would like any further information.
support@matscosolutions.com
Beijing +86 400 120 2782
Hong Kong +852 8101 8418
London +44 (0)20 7821 4950
New York +1 866 446 9226
Singapore +65 6100 1090
Share this Post