Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!
The day after VMware released fixes for a critical RCE flaw found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems.
We've detected mass scanning activity targeting vulnerable VMware vCenter servers.
"In our opinion, the RCE vulnerability in the vCenter Server can pose no less a threat than the infamous vulnerability in Citrix," noted Mikhail Klyuchnikov, the Positive Technologies researcher who unearthed this latest critical VMware flaw.
Positive Technologies has found over 6,000 vulnerable VMware vCenter devices accessible from the internet, a quarter of which are located in the United States, followed by Germany, France, China, Great Britain, Canada, Russia, Taiwan, Iran, and Italy.
Several PoC exploit scripts have already popped up on GitHub, and Klyuchnikov followed with the release of additional technical details about the vulnerability, as well as the whole process of getting RCE on Windows and Linux.
Alongside CVE-2021-21972, VMware has also fixed CVE-2021-21973, an SSRF vulnerability in the vSphere Client also discovered by Klyuchnikov, and CVE-2021-21974, a heap-overflow vulnerability in ESXi, reported by Lucas Leong of Trend Micro's Zero Day Initiative.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/b3zbSkdzmyc/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMware Cloud Foundation and vCenter Server: The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |
2021-02-24 | CVE-2021-21973 | Server-Side Request Forgery (SSRF) vulnerability in VMware Cloud Foundation and vCenter Server: The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. | 5.3 |
2021-02-24 | CVE-2021-21974 | Out-of-bounds Write vulnerability in VMware Cloud Foundation and ESXi: OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. | 8.8 |