Since I couldn’t find any existing PoC on the internet, I thought it would be neat to develop an exploit based on Lucas’ approach. Lucas wrote a brief overview on how to exploit the vulnerability but share no reference to a PoC. Through googling, I found a blog post by Lucas Leong ( of Trend Micro’s Zero Day Initiative, who is the security researcher that found this bug. Upon inspecting any known vulnerabilities associated with this version of the software, I identified it may be vulnerable to ESXi OpenSLP heap-overflow (CVE-2021–21974). ![]() ![]() ![]() Original text by Johnny Yu ( a recent engagement, I discovered a machine that is running VMware ESXi 6.7.0.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |