
CVE-2021-21974 PoC — VMware ESXi Buffer Error Vulnerability

Source
Associated Vulnerability
Title: VMware ESXi buffer error vulnerability (CVE-2021-21974)
Description: OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in the OpenSLP service, resulting in remote code execution.
Description
CVE-2021-21974 Vulnerability Detection Tool: a safe PoC that identifies vulnerable SLP implementations without exploitation
Readme
# CVE-2021-21974 Vulnerability Detector

A Python-based security tool for detecting CVE-2021-21974 vulnerability in SLP (Service Location Protocol) implementations, specifically targeting VMware ESXi systems. This tool performs safe, non-exploitative detection by analyzing SLP service responses and implementation behaviors.

## Description

CVE-2021-21974 is a critical heap-overflow vulnerability in the SLP service of VMware ESXi that can lead to remote code execution. This detector tool safely identifies potentially vulnerable systems by:

- Testing SLP service availability and responsiveness
- Fingerprinting SLP implementation versions
- Analyzing boundary condition handling
- Testing malformed packet responses
- Assessing vulnerability likelihood based on implementation characteristics

The tool is designed as a **safe proof-of-concept** that identifies vulnerable systems without performing actual exploitation.
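As an added example (not the detector's own code), the following shows what the README's SLP availability check involves on the wire: a well-formed SLPv2 SrvRqst built per RFC 2608, a SrvRply parser that stops cleanly on truncated input, and a TCP probe of port 427 that lets an administrator confirm whether an SLP responder is still exposed on a host. The service type, scope, transaction id and function names are my assumptions; only port 427 and the 1024-byte receive buffer come from the page.

```python
import socket
import struct

SLP_PORT = 427                 # default SLP port listed in the README
FN_SRVRQST, FN_SRVRPLY = 1, 2  # RFC 2608 function IDs for SrvRqst and SrvRply

def build_srvrqst(service_type="service:service-agent", scope="DEFAULT", xid=1, lang=b"en"):
    """Well-formed SLPv2 SrvRqst: 14-byte fixed header, language tag, then the request body."""
    st, sc = service_type.encode(), scope.encode()
    # body: empty previous-responder list, service type, scope list, empty predicate, empty SLP SPI
    body = struct.pack("!H", 0) + struct.pack("!H", len(st)) + st + struct.pack("!H", len(sc)) + sc + bytes(4)
    length = 14 + len(lang) + len(body)  # the length field covers the whole message
    # header: version 2, function ID, 3-byte length, flags + next-ext offset (5 zero bytes), xid, lang tag
    header = bytes([2, FN_SRVRQST]) + length.to_bytes(3, "big") + bytes(5) + struct.pack("!HH", xid, len(lang)) + lang
    return header + body

def parse_header(data):
    """Return (version, function_id, length, xid, body_offset), or None if the header is truncated."""
    if len(data) < 14 or len(data) < 14 + struct.unpack("!H", data[12:14])[0]:
        return None
    body_off = 14 + struct.unpack("!H", data[12:14])[0]
    return data[0], data[1], int.from_bytes(data[2:5], "big"), struct.unpack("!H", data[10:12])[0], body_off

def parse_srvrply(data):
    """Return (error_code, [urls]) from a SrvRply with no auth blocks; None if it is not a SrvRply."""
    hdr = parse_header(data)
    if hdr is None or hdr[1] != FN_SRVRPLY or len(data) < hdr[4] + 4:
        return None
    pos = hdr[4]
    error, count = struct.unpack("!HH", data[pos:pos + 4])
    pos, urls = pos + 4, []
    for _ in range(count):  # URL entry: reserved(1) lifetime(2) url-len(2) url auth-count(1)
        ulen = struct.unpack("!H", data[pos + 3:pos + 5])[0] if pos + 5 <= len(data) else None
        if ulen is None or pos + 5 + ulen > len(data):
            break  # truncated entry: stop cleanly rather than read past the buffer
        urls.append(data[pos + 5:pos + 5 + ulen].decode(errors="replace"))
        pos += 5 + ulen + 1
    return error, urls

def probe_slp(host, port=SLP_PORT, timeout=5.0):
    """Send one valid SrvRqst over TCP and report whether an SLP responder answered it."""
    xid = 0x1234
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_srvrqst(xid=xid))
        data = sock.recv(1024)  # the README's 1024-byte receive buffer
    hdr = parse_header(data)
    if hdr is None or hdr[1] != FN_SRVRPLY or hdr[3] != xid:
        return {"slp_reachable": False, "urls": []}
    error, urls = parse_srvrply(data)
    return {"slp_reachable": True, "error_code": error, "urls": urls}
```

A host that answers `probe_slp` with a SrvRply still has SLP exposed on port 427, the precondition named in the advisory description; a connection refusal or timeout means the service is not reachable from that vantage point.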

## Features

- **Non-destructive scanning**: Safe detection without exploitation attempts
- **SLP service fingerprinting**: Identifies VMware ESXi implementations
- **Boundary condition testing**: Tests parsing limits without triggering overflows
- **Malformed packet analysis**: Evaluates error handling capabilities
- **Comprehensive reporting**: Detailed scan results with timestamps
- **Timeout handling**: Prevents hanging on unresponsive services
- **Connection management**: Proper socket handling and cleanup

## Requirements

- Python 3.x
- Standard Python libraries:
  - `socket`
  - `struct`
  - `sys`
  - `time`
  - `datetime`

## Installation

1. Clone or download the script:

    wget https://example.com/CVE-2021-21974_detector.py

    curl -O https://example.com/CVE-2021-21974_detector.py

2. Make the script executable:

    chmod +x CVE-2021-21974_detector.py

3. Verify Python 3 installation:

    python3 --version

## Usage

### Basic Usage

Run the detector against a target IP address:

    python3 CVE-2021-21974_detector.py <IP>

### Configuration

The tool uses the following default settings that can be modified in the source code:

    Default SLP Port: 427 (TCP)
    Connection Timeout: 5 seconds for initial connection, 3 seconds for boundary tests
    Response Timeout: 2 seconds for malformed packet tests
    Buffer Size: 1024 bytes for response reception

### Customizing Parameters

To modify default settings, edit the `SLPVulnDetector` class initialization:

    # Change the default port
    detector = SLPVulnDetector(target_ip, port=427)

Modify timeouts in the respective methods:

    sock.settimeout(10)  # Increase timeout to 10 seconds
File Snapshot

    [4.0K] /data/pocs/3ee1777088c210b227200bd34f52b2c2abb84ee5
    ├── [9.5K] CVE-2021-21974_detector.py
    └── [2.5K] README.md

    0 directories, 2 files