Attackers scan for vulnerable VMware servers after PoC exploit release

After security researchers developed and published proof-of-concept (PoC) exploit code targeting a critical vCenter remote code execution (RCE) vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers.
We've detected mass scanning activity targeting vulnerable VMware vCenter servers.
Successful exploitation of this security bug allows attackers to take over an organization's entire network, given that VMware vCenter servers are used by IT admins to manage VMware solutions deployed across their enterprise environments via a single console.
"The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," VMware explained.
VMware vulnerabilities have been exploited in the past in ransomware attacks targeting enterprise networks, which underscores the importance of patching vulnerable vCenter servers and of not exposing them to the Internet.
Multiple ransomware gangs, including RansomExx, Babuk Locker, and Darkside, have used VMware ESXi pre-auth RCE exploits to encrypt ESXi instances' virtual hard disks used as centralized enterprise storage space, as ZDNet reported last year.