Attacks Exploiting VMware vSphere Flaw Spotted One Week After Patching
2021-06-07 10:55

A critical vulnerability affecting VMware vCenter Server, the management interface for vSphere environments, is being exploited in the wild.

Attacks started roughly a week after VMware announced the availability of patches.

An attacker with access to port 443 can exploit the flaw to execute commands with elevated privileges on the operating system that hosts vCenter Server.

Vietnamese security researcher Nguyen Jang has also released a PoC exploit, as well as technical details and a video showing the exploit in action.

This is not the first time threat actors have started exploiting a vCenter Server vulnerability shortly after it was patched.

Cisco Talos reported last week that a piece of malware named Necro has been exploiting CVE-2021-21972 since at least May. Necro is designed for DDoS attacks, network traffic exfiltration, and cryptocurrency mining.


News URL

http://feedproxy.google.com/~r/securityweek/~3/pV9l0Sf_wI0/attacks-exploiting-vmware-vsphere-flaw-spotted-one-week-after-patching

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMware Cloud Foundation and vCenter Server. The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. (network, low complexity, vmware, CWE-22) | critical, 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591