Security challenges associated with ESXi Hypervisors

Alert on the update required for VMware ESXi hypervisors

An ESXi hypervisor, also called a virtual machine monitor, is a virtualisation tool developed by VMware for creating and managing virtual machines on a single physical server.

Vulnerability CVE-2021-21974

There has been a new wave of attacks targeting ESXi hypervisors.

Vulnerability CVE-2021-21974 allows a remote attacker to bypass the ESXi security mechanisms and execute malicious code, in particular to encrypt data.

This vulnerability affects ESXi 7.x versions prior to ESXi70U1c-17325551, 6.7.x versions prior to ESXi670-202102401-SG, and 6.5.x versions prior to ESXi650-202102101-SG. It also affects the “Service Location Protocol (SLP)” service.

Exploits have been available for more than one year. Fortunately, a security patch has been available since February 2021.

Some stats:

  • More than 3000 ESXi-type servers worldwide have been encrypted via this vulnerability
  • Between 500 and 700 ESXi hypervisors are currently victims of this cyber attack in France

DATIVE advice for avoiding this type of attack:

  • Put in place additional security measures, such as dedicated firewall rules and blocking unused ports
  • Disable the SLP service until the security patch is installed
  • Carry out an inventory (hardware and software)
  • Make regular backups
  • Apply the security patches as soon as possible
  • Sign up for a vulnerabilities monitoring service
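
The inventory, patch and SLP advice above can be combined into one triage pass. The script below is an added example, not DATIVE's own tooling: it classifies hosts from a constructed inventory of `host,version banner,SLP state` rows. It assumes build numbers increase within a release line; the 7.x threshold comes from the patch name on this page, and the 6.7 and 6.5 thresholds are placeholders to fill in from the vendor advisory.

```python
import csv
import io
import re

# Build threshold for 7.x is taken from the patch name on this page
# (ESXi70U1c-17325551). The page identifies the 6.7 and 6.5 patches by
# bulletin ID only, so those thresholds are placeholders (None) to be
# filled in from the vendor advisory.
FIXED_BUILD = {"7.0": 17325551, "6.7": None, "6.5": None}
BANNER = re.compile(r"VMware ESXi (\d+\.\d+)\.\d+ build-(\d+)")


def triage(banner, slp_state):
    """Classify one host from its version banner and SLP service state."""
    m = BANNER.search(banner)
    if not m or m.group(1) not in FIXED_BUILD:
        return "unknown"    # unparsed banner or release line not listed above
    threshold = FIXED_BUILD[m.group(1)]
    if threshold is None:
        return "verify"     # no build threshold yet: check the bulletin by hand
    if int(m.group(2)) >= threshold:
        return "patched"
    # Unpatched host: only an explicit "off" counts as the interim mitigation,
    # so a missing or unexpected SLP state is treated as exposed.
    return "mitigated" if slp_state.strip().lower() == "off" else "exposed"


def report(inventory_csv):
    """Return {host: status} for rows of host,banner,slp_state."""
    rows = csv.reader(io.StringIO(inventory_csv))
    return {r[0]: triage(r[1], r[2]) for r in rows if len(r) == 3}


# Constructed sample inventory (hypothetical host names).
SAMPLE = """\
esx-a,VMware ESXi 7.0.1 build-17325551,off
esx-b,VMware ESXi 7.0.0 build-15843807,on
esx-c,VMware ESXi 7.0.0 build-15843807,off
esx-d,VMware ESXi 6.7.0 build-14320388,on
esx-e,VMware ESXi 5.5.0 build-1331820,on
"""

if __name__ == "__main__":
    order = ["exposed", "verify", "unknown", "mitigated", "patched"]
    result = report(SAMPLE)
    for host in sorted(result, key=lambda h: order.index(result[h])):
        print(f"{host:8} {result[host]}")
```

Hosts reported as `exposed` are the ones to act on first: disable SLP, then patch.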