Security News > 2021 > February > VMware patches bug that put many large networks at risk
VMware has fixed a serious flaw in its vCenter Server utility that could have opened the door for hackers to remotely execute code on a vulnerable server.
In a press release published Wednesday, Positive Technologies, which discovered and alerted VMware to the bug, said attackers could have exploited the vCenter Server bug to take over unpatched VMware servers and gain access to local network resources.
The major threat would have come from hackers who had penetrated the security of a network perimeter through social engineering or web vulnerabilities, or who had gained access to a network using previously created backdoors.
Last August, Positive Technologies revealed the results of penetration testing through which it was able to breach the network perimeter and obtain access to local network resources in 93% of companies.
This remote code execution flaw specifically affects the vSphere Client, which is a plugin for the vCenter Server used by many large companies to manage their local VMware product installations.
More than 6,000 VMware vCenter devices worldwide contain the vulnerability, according to Positive Technologies.