Security News > 2021 > June > Attacks Exploiting VMware vSphere Flaw Spotted One Week After Patching
A critical vulnerability affecting VMware vCenter Server, the management interface for vSphere environments, is being exploited in the wild.
Attacks started roughly a week after VMware announced the availability of patches.
An attacker with access to port 443 can exploit the flaw to execute commands with elevated privileges on the operating system that hosts vCenter Server.
Vietnamese security researcher Nguyen Jang has also released a PoC exploit, as well as technical details and a video showing the exploit in action.
This is not the first time threat actors have started exploiting a vCenter Server vulnerability shortly after it was patched.
Cisco Talos reported last week that a piece of malware named Necro has been exploiting CVE-2021-21972 since at least May. Necro is designed for DDoS attacks, network traffic exfiltration, and cryptocurrency mining.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMware Cloud Foundation and vCenter Server. The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |