Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!

The day after VMware released fixes for a critical RCE flaw found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems.
We've detected mass scanning activity targeting vulnerable VMware vCenter servers.
"In our opinion, the RCE vulnerability in the vCenter Server can pose no less a threat than the infamous vulnerability in Citrix," noted Mikhail Klyuchnikov, the Positive Technologies researcher who unearthed this latest critical VMware flaw.
Positive Technologies have found over 6,000 vulnerable VMware vCenter devices accessible from the internet, a quarter of which are located in the United States, followed by Germany, France, China, Great Britain, Canada, Russia, Taiwan, Iran, and Italy.
Several PoC exploit scripts have already popped up on GitHub, and Klyuchnikov followed with the release of additional technical details about the vulnerability, as well as the whole process of getting RCE on Windows and Linux.
Alongside CVE-2021-21972, VMware has also fixed CVE-2021-21973, an SSRF vulnerability in the vSphere Client also discovered by Klyuchnikov, and CVE-2021-21974, a heap-overflow vulnerability in ESXi, reported by Lucas Leong of Trend Micro's Zero Day Initiative.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/b3zbSkdzmyc/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMware Cloud Foundation and vCenter Server. The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |
| 2021-02-24 | CVE-2021-21973 | Server-Side Request Forgery (SSRF) vulnerability in VMware Cloud Foundation and vCenter Server. The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. | 5.3 |
| 2021-02-24 | CVE-2021-21974 | Out-of-bounds Write vulnerability in VMware Cloud Foundation and ESXi. OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. | 8.8 |