Security News > 2024 > January > VMware confirms critical vCenter flaw now exploited in attacks
VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation.
vCenter Server is a management platform for VMware vSphere environments that helps administrators manage ESX and ESXi servers and virtual machines.
According to Shodan data, more than 2,000 VMware Center servers are currently exposed online, potentially vulnerable to attacks and exposing corporate networks to breach risks given their vSphere management role.
In June, VMware also fixed multiple high-severity vCenter Server security flaws posing code execution and authentication bypass risks to vulnerable servers.
The same week, the company fixed an ESXi zero-day used by Chinese state hackers in data theft attacks and warned customers of another actively exploited critical Aria Operations for Networks flaw.
Hackers are exploiting critical Apache Struts flaw using public PoC. Sophos backports RCE fix after attacks on unsupported firewalls.
News URL
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks (source)