Information security specialists discovered attacks on a critical vulnerability in VMware vCenter

vulnerability in VMware vCenter
Written by Emma Davis

Experts warned that cybercriminals are already actively scanning the network in search of VMware vCenter servers with critical vulnerabilities. Many are at risk of the recently corrected RCE issue CVE-2021-21985, which scored 9.8 out of 10 on the CVSS v3 vulnerability rating scale.

Analysts from Bad Packets write about the scans that have begun.

Mass scanning activity detected from checking for VMware vSphere hosts vulnerable to remote code execution (CVE-2021-21985).official Bad Packetsโ€™ Twitter reports.
I am also seeing scanning of this VMware vCenter vulnerability in my honeypots in past day. CVSS 9.8 unauthenticated remote code execution in VMware vCenter (which by design accesses ESXi etc) in default config. Y’all want to keep calm and patch this before exploit details public.the famous information security expert Kevin Beaumont also told.

According to the search engine Shodan, there are currently several thousands of vulnerable vCenter servers on the network. And it is necessary to understand that this product is not used by individuals and even small businesses, that is, we are talking about large companies and organizations.

vulnerability in VMware vCenter

As a reminder, the CVE-2021-21985 issue was detected in the Virtual SAN Health Check plugin included by default with vCenter. An attacker can use this bug to run whatever they want on a vulnerable host (if they have access to port 443). That is, unauthenticated attackers can exploit the problem, and such attacks do not require any interaction with the user.

Even worse, exploits for this bug have already been published online.

Since such vulnerabilities have been used more than once in the past for destructive attacks (usually ransomware) against large companies, VMware representatives issued an official warning to their customers. In a statement, the company calls for timely installation of updates, as well as beware of ransomware attacks:

In the era of ransomware, the safest thing to do is to assume that an attacker is already somewhere on the network, on the desktop, or perhaps already in control of a user account. Therefore, we strongly recommend that you install the emergency updates and patches as soon as possible.

Let me remind you that we already reported that VMware Alerts That Critical Vulnerability Has Been Found In vCenter Server.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.