Security News > 2021 > February > Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability
Just one day after VMware announced the availability of patches for a critical vulnerability affecting vCenter Server, hackers have started scanning the internet for vulnerable servers.
The flaw, tracked as CVE-2021-21972, affects the vSphere Client component of vCenter Server and it can be exploited by a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges on the operating system that hosts vCenter Server.
Many of these servers are located in the United States, Germany, China, France and the United Kingdom.
Cybersecurity firm Positive Technologies, whose researchers discovered the flaw and reported it to VMware, has released technical details for the vulnerability after seeing that several individuals had released proof-of-concept exploit code shortly after the virtualization giant announced the availability of patches.
VMware published its advisory on February 23, and threat intelligence company Bad Packets reported on February 24 that it had already detected "Mass scanning activity" targeting vCenter servers affected by CVE-2021-21972.
Mikhail Klyuchnikov, the Positive Technologies researcher credited for finding the vulnerability, said this flaw is just as dangerous as a widely exploited Citrix vulnerability tracked as CVE-2019-19781.
News URL
Related news
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical AMI MegaRAC bug can let attackers hijack, brick servers (source)
- IBM scores perfect 10 ... vulnerability in mission-critical OS AIX (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |