Security News > 2021 > February > Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability
Just one day after VMware announced the availability of patches for a critical vulnerability affecting vCenter Server, hackers have started scanning the internet for vulnerable servers.
The flaw, tracked as CVE-2021-21972, affects the vSphere Client component of vCenter Server and it can be exploited by a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges on the operating system that hosts vCenter Server.
Many of these servers are located in the United States, Germany, China, France and the United Kingdom.
Cybersecurity firm Positive Technologies, whose researchers discovered the flaw and reported it to VMware, has released technical details for the vulnerability after seeing that several individuals had released proof-of-concept exploit code shortly after the virtualization giant announced the availability of patches.
VMware published its advisory on February 23, and threat intelligence company Bad Packets reported on February 24 that it had already detected "Mass scanning activity" targeting vCenter servers affected by CVE-2021-21972.
Mikhail Klyuchnikov, the Positive Technologies researcher credited for finding the vulnerability, said this flaw is just as dangerous as a widely exploited Citrix vulnerability tracked as CVE-2019-19781.
News URL
Related news
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |