(High) VMware ESXI vulnerability under active exploit

  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 02/06/2023

Action Level - High


External security organizations have identified a VMWare ESXi vulnerability that is currently being used to deploy ransomware. The original vulnerability, which was released in 2021, can be used by an attacker with network access to execute arbitrary code. As this is currently being exploited, we recommend investigation into potentially vulnerable devices and patching if you are running an impacted version.

Affected Devices

  • ESXi 7.0 - Versions prior to ESXi70U1c-17325551
  • ESXi 6.7 - Versions prior to ESXi670-202102401-SG
  • ESXi 6.5 - Versions prior to ESXi650-202102101-SG

Attack Vector

An attacker residing within the same network segment as ESXi with access to port 427.

Attack Feasibility

Attackers have been observed utilizing this vulnerability to execute code and deploy ransomware.


Update to a current, supported version of ESXi.

Vendor Resources

PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC