Security News > 2021 > February > Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!
The day after VMware released fixes for a critical RCE flaw found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems.
We've detected mass scanning activity targeting vulnerable VMware vCenter servers.
"In our opinion, the RCE vulnerability in the vCenter Server can pose no less a threat than the infamous vulnerability in Citrix," noted Mikhail Klyuchnikov, the Positive Technologies researcher who unearthed this latest critical VMware flaw.
Positive Technologies have found over 6,000 vulnerable VMware vCenter devices accessible from the internet, a quarter of these which are located in the United States, followed by Germany, France, China, Great Britain, Canada, Russia, Taiwan, Iran, and Italy.
Several PoC exploit scripts have already popped up on GitHub, and Klyuchnikov followed with the release of additional technical details about the vulnerability, as well as the whole process of getting RCE on Windows and Linux.
Alongside CVE-2021-21972, VMware has also fixed CVE-2021-21973, a SSRF vulnerability in the vSphere Client also discovered by Klyuchnikov, and CVE-2021-21974, a heap-overflow vulnerability in ESXi, reported by Lucas Leong of Trend Micro's Zero Day Initiative.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/b3zbSkdzmyc/
Related news
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- New critical Apache Struts flaw exploited to find vulnerable servers (source)
- Critical security hole in Apache Struts under exploit (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |
| 2021-02-24 | CVE-2021-21973 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. | 5.3 |
| 2021-02-24 | CVE-2021-21974 | Out-of-bounds Write vulnerability in VMWare Cloud Foundation and Esxi OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. | 8.8 |