02.06.2023

(High) VMware ESXI vulnerability under active exploit

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 02/06/2023

Action Level - High

Description

External security organizations have identified a VMWare ESXi vulnerability that is currently being used to deploy ransomware. The original vulnerability, which was released in 2021, can be used by an attacker with network access to execute arbitrary code. As this is currently being exploited, we recommend investigation into potentially vulnerable devices and patching if you are running an impacted version.

Affected Devices

  • ESXi 7.0 - Versions prior to ESXi70U1c-17325551
  • ESXi 6.7 - Versions prior to ESXi670-202102401-SG
  • ESXi 6.5 - Versions prior to ESXi650-202102101-SG

Attack Vector

An attacker residing within the same network segment as ESXi with access to port 427.

Attack Feasibility

Attackers have been observed utilizing this vulnerability to execute code and deploy ransomware.

Remediation

Update to a current, supported version of ESXi.

Vendor Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • twitter
  • facebook
  • youtube
© 2023 MCNC