Security News > 2021 > September > Hackers exploiting critical VMware vCenter CVE-2021-22005 bug
Exploit code that could be used for remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 has been released today and attackers are already using it.
Publicly disclosed earlier this week when VMware also addressed it, the bug comes with a critical severity rating of 9.8 and a strong recommendation to install the available patch.
Signs of these attacks coming were seen shortly after VMware disclosed the security issue and released a patch.
Jang published technical notes for CVE-2021-22005 based on the workaround and the patch from VMware.
Currently, search engines for internet-connected devices show thousands of VMware vCenter Server instances exposed to the public internet.
Update : Shortly after publishing, BleepingComputer learned that hackers have started to exploit CVE-2021-22005 using code released by security researcher Jang.
News URL
Related news
- Iranian hackers act as brokers selling critical infrastructure access (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-22005 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. | 9.8 |