Attackers are scanning for vulnerable VMware servers, patch now!
Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago.
Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.
Successful exploitation allows threat actors to take over an organization's entire network, seeing that IT teams and admins use VMware vCenter servers to manage VMware solutions deployed across enterprise environments.
VMware also warned customers to patch their systems immediately, hinting at the possibility of incoming ransomware attacks targeting unpatched and exposed vCenter servers.
VMware's warning should be taken seriously and vulnerable vCenter servers patched as soon as possible, since similarly critical VMware security flaws have been exploited in the past to deploy ransomware on enterprise networks.
CISAgov is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation.
Related news
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- November 2024 Patch Tuesday forecast: New servers arrive early (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-26 | CVE-2021-21985 | Improper Input Validation vulnerability in VMware vCenter Server 6.5/6.7/7.0. The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. | 9.8 |