Security News > 2021 > June > Attackers are scanning for vulnerable VMware servers, patch now!

Attackers are scanning for vulnerable VMware servers, patch now!
2021-06-04 18:23

Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago.

Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.

Successful exploitation allows threat actors to take over an organization's entire network, seeing that IT teams and admins use VMware vCenter servers to manage VMware solutions deployed across enterprise environments.

VMware also warned customers to patch their systems immediately, hinting at the possibility of incoming ransomware attacks targeting unpatched and exposed Center servers.

To put things into perspective and highlight the importance of patching vulnerable vCenter servers as soon as possible, VMware's warning should be taken seriously since similarly critical VMware security flaws have been exploited in the past to deploy ransomware enterprise networks.

CISAgov is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation.


News URL

https://www.bleepingcomputer.com/news/security/attackers-are-scanning-for-vulnerable-vmware-servers-patch-now/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-05-26 CVE-2021-21985 Improper Input Validation vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server.
network
low complexity
vmware CWE-20
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591