Security News > 2021 > September > Hackers are scanning for VMware CVE-2021-22005 targets, patch now!

Hackers are scanning for VMware CVE-2021-22005 targets, patch now!
2021-09-22 21:44

Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution.

While exploit code is not yet publicly available, ongoing scanning activity was already spotted by threat intelligence company Bad Packets 12 hours ago after some of its VMware honeypots began recording attackers probing for the presence of the critical bug.

"CVE-2021-22005 scanning activity detected from 116[.]48.233.234," Bad Packets tweeted earlier today, later adding that the scans are using workaround information provided by VMware for customers who couldn't immediately patch their appliances.

In June, scanning began for Internet-exposed VMware vCenter servers left vulnerable to CVE-2021-21985 RCE exploits after exploit code was published online.

These ongoing scans follow a warning issued by VMware yesterday to highlight the importance of patching servers against the CVE-2021-22005 bug as soon as possible.

"This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server," said Bob Plankers, Technical Marketing Architect at VMware.


News URL

https://www.bleepingcomputer.com/news/security/hackers-are-scanning-for-vmware-cve-2021-22005-targets-patch-now/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-09-23 CVE-2021-22005 Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service.
network
low complexity
vmware CWE-22
critical
9.8
2021-05-26 CVE-2021-21985 Improper Input Validation vulnerability in VMWare Vcenter Server 6.5/6.7/7.0
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server.
network
low complexity
vmware CWE-20
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 186 85 404 200 101 790