Security News > 2021 > February > Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability
Just one day after VMware announced the availability of patches for a critical vulnerability affecting vCenter Server, hackers have started scanning the internet for vulnerable servers.
The flaw, tracked as CVE-2021-21972, affects the vSphere Client component of vCenter Server and it can be exploited by a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges on the operating system that hosts vCenter Server.
Many of these servers are located in the United States, Germany, China, France and the United Kingdom.
Cybersecurity firm Positive Technologies, whose researchers discovered the flaw and reported it to VMware, has released technical details for the vulnerability after seeing that several individuals had released proof-of-concept exploit code shortly after the virtualization giant announced the availability of patches.
VMware published its advisory on February 23, and threat intelligence company Bad Packets reported on February 24 that it had already detected "Mass scanning activity" targeting vCenter servers affected by CVE-2021-21972.
Mikhail Klyuchnikov, the Positive Technologies researcher credited for finding the vulnerability, said this flaw is just as dangerous as a widely exploited Citrix vulnerability tracked as CVE-2019-19781.
News URL
Related news
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
- Targus discloses cyberattack after hackers detected on file servers (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)
- Russian Sandworm hackers targeted 20 critical orgs in Ukraine (source)
- PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) (source)
- Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (source)
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) (source)
- Critical GitHub Enterprise Server Flaw Allows Authentication Bypass (source)
- GitHub Enterprise Server patches 10-outta-10 critical hole (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |
| 2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |