Attackers scan for unpatched VMware vCenter servers, PoC exploit available
June 2021
Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago.
Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.
Successful exploitation allows threat actors to take over an organization's entire network, seeing that IT teams and admins use VMware vCenter servers to manage VMware solutions deployed across enterprise environments.
VMware also warned customers to patch their systems immediately, hinting at the possibility of incoming ransomware attacks targeting unpatched and exposed vCenter servers.
VMware's warning should be taken seriously, and vulnerable vCenter servers patched as soon as possible, since similarly critical VMware security flaws have been exploited in the past to deploy ransomware on enterprise networks.
CISAgov is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-26 | CVE-2021-21985 | Improper Input Validation vulnerability in VMware vCenter Server 6.5/6.7/7.0. The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. | 9.8 |