Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP! (Security News, February 2021)
The day after VMware released fixes for a critical RCE flaw found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems.
We've detected mass scanning activity targeting vulnerable VMware vCenter servers.
"In our opinion, the RCE vulnerability in the vCenter Server can pose no less a threat than the infamous vulnerability in Citrix," noted Mikhail Klyuchnikov, the Positive Technologies researcher who unearthed this latest critical VMware flaw.
Positive Technologies has found over 6,000 vulnerable VMware vCenter devices accessible from the internet, a quarter of which are located in the United States, followed by Germany, France, China, Great Britain, Canada, Russia, Taiwan, Iran, and Italy.
Several PoC exploit scripts have already popped up on GitHub, and Klyuchnikov followed with the release of additional technical details about the vulnerability, as well as the whole process of getting RCE on Windows and Linux.
Alongside CVE-2021-21972, VMware has also fixed CVE-2021-21973, an SSRF vulnerability in the vSphere Client also discovered by Klyuchnikov, and CVE-2021-21974, a heap-overflow vulnerability in ESXi, reported by Lucas Leong of Trend Micro's Zero Day Initiative.
News URL: http://feedproxy.google.com/~r/HelpNetSecurity/~3/b3zbSkdzmyc/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server. The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |
2021-02-24 | CVE-2021-21973 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Cloud Foundation and Vcenter Server. The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. | 5.3 |
2021-02-24 | CVE-2021-21974 | Out-of-bounds Write vulnerability in VMWare Cloud Foundation and Esxi. OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. | 5.8 |