Critical vulnerability in VMware ESXi: Global wave of attacks presumably also shut down hundreds of German companies


Reading time: minutes ( words)
Hackers exploit critical vulnerability in VMware ESXi

A critical security vulnerability in the virtualization solution "ESXi" of the manufacturer VMware is currently being actively exploited by cyber criminals to attack so-called ESXi servers worldwide. According to media reports, hundreds of companies and institutions in Germany alone appear to be affected by the wave of attacks.

The perpetrators are exploiting a vulnerability in the application's OpenSLP service, which has been known for some time and has been patched by the manufacturer since February 2021, to execute malicious code and infiltrate a ransomware called "Nevada", which can be used to encrypt the virtual hard disks of guest systems.

The attacks are targeted against unpatched systems with versions 6.5.x, 6.7.x, 7.x. The security vulnerability CVE-2021-21974 is rated "high" according to CVSS with a severity level of 8.8. The BSI has declared the second-highest warning level (warning level 3/orange) due to a business-critical threat situation.

Recommendation for action:

We recommend that IT security managers immediately install the security update provided by the manufacturer in order to permanently close the vulnerability.

As a workaround, according to the manufacturer, it should also be possible to block attacks by disabling the SLP protocol on unpatched hypervisor systems. VMware has published instructions for this on the company website.

Need help upgrading your IT security for 2023? Contact us!

By clicking on the "Submit" button, you confirm that you have read our privacy policy. You give your consent to the use of your personal data for the purpose of contacting you by Allgeier secion, Zweigniederlassung der Allgeier CyRis GmbH.

* Mandatory field

Go back