Security News > 2024 > January > VMware confirms critical vCenter flaw now exploited in attacks
VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation.
vCenter Server is a management platform for VMware vSphere environments that helps administrators manage ESX and ESXi servers and virtual machines.
According to Shodan data, more than 2,000 VMware Center servers are currently exposed online, potentially vulnerable to attacks and exposing corporate networks to breach risks given their vSphere management role.
In June, VMware also fixed multiple high-severity vCenter Server security flaws posing code execution and authentication bypass risks to vulnerable servers.
The same week, the company fixed an ESXi zero-day used by Chinese state hackers in data theft attacks and warned customers of another actively exploited critical Aria Operations for Networks flaw.
Hackers are exploiting critical Apache Struts flaw using public PoC. Sophos backports RCE fix after attacks on unsupported firewalls.
News URL
Related news
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Critical GitHub Attack (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Critical auth bypass bug in CrushFTP now exploited in attacks (source)