Security News > 2021 > February > Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability
Just one day after VMware announced the availability of patches for a critical vulnerability affecting vCenter Server, hackers have started scanning the internet for vulnerable servers.
The flaw, tracked as CVE-2021-21972, affects the vSphere Client component of vCenter Server and it can be exploited by a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges on the operating system that hosts vCenter Server.
Many of these servers are located in the United States, Germany, China, France and the United Kingdom.
Cybersecurity firm Positive Technologies, whose researchers discovered the flaw and reported it to VMware, has released technical details for the vulnerability after seeing that several individuals had released proof-of-concept exploit code shortly after the virtualization giant announced the availability of patches.
VMware published its advisory on February 23, and threat intelligence company Bad Packets reported on February 24 that it had already detected "Mass scanning activity" targeting vCenter servers affected by CVE-2021-21972.
Mikhail Klyuchnikov, the Positive Technologies researcher credited for finding the vulnerability, said this flaw is just as dangerous as a widely exploited Citrix vulnerability tracked as CVE-2019-19781.
News URL
Related news
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise (source)
- Critical FortiSwitch flaw lets hackers change admin passwords remotely (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical flaws fixed in Nagios Log Server (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- ASUS releases fix for AMI bug that lets hackers brick servers (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |