Rackspace Response to ‘ESXiArgs’ Ransomware Attack
by Marc Nourani, Director, Incident Change Problem Management Operations, Rackspace Technology
Rackspace Technology is aware of an update to the previously published OpenSLP security vulnerability (CVE-2021-21974) impacting VMware ESXi. Our partner VMware published an article available here: https://blogs.vmware.com/security/2023/02/83330.html. When the vulnerability was first announced in February 2021, Rackspace engineers performed the initial assessment and notified affected customers if further action was needed.
Rackspace standard VMware environments are designed with an architecture that prevents public access to VMware vCenters and Hypervisors – this design decreases the risk of exploitation of this vulnerability.
Out of an abundance of caution and in response to this updated CVE article, Rackspace engineers disabled the OpenSLP service advised by VMware to increase the mitigation efforts on our managed VMware environments.
Additionally, our security teams will continue to actively monitor the situation and, to date, have not identified any associated impacted systems.
If you have any questions, please contact a member of your support team via https://www.rackspace.com/login.
Security Awareness Recommendation
September 28th, 2023
Update: Decommission of TLS v1.0 and v1.1 - Rackspace Customer Identity API Endpoint
September 21st, 2023