Attackers scan for unpatched VMware vCenter servers, PoC exploit available
2021-06-04 18:23

Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago.

Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.

Successful exploitation allows threat actors to take over an organization's entire network, seeing that IT teams and admins use VMware vCenter servers to manage VMware solutions deployed across enterprise environments.

VMware also warned customers to patch their systems immediately, hinting at the possibility of incoming ransomware attacks targeting unpatched and exposed vCenter servers.

VMware's warning should be taken seriously, and vulnerable vCenter servers patched as soon as possible, since similarly critical VMware security flaws have been exploited in the past to deploy ransomware on enterprise networks.

CISAgov is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation.


News URL

https://www.bleepingcomputer.com/news/security/attackers-scan-for-unpatched-vmware-vcenter-servers-poc-exploit-available/

Related Vulnerability

Date: 2021-05-26
CVE: CVE-2021-21985
Vulnerability title: Improper Input Validation vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
Description: The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server.
Tags: network, low complexity, vmware, CWE-20
Risk: critical, 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591