Hackers have discovered an exploit for VMware vCenter vulnerability
Patch your servers immediately, VMware and security experts say
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A working exploit for a critical vulnerability inVMwarevCenterpatched last weekhas been spotted in the wild and is actively being used by threat actors, according tocybersecurityexperts.
Tracked as CVE-2021-22005, the vulnerability exists in the analytics service of vCenter Server, and can be exploited to allow attackers to remotely execute malicious code on unpatched vCenter Servers.
Several security experts had warned ofmass scanning activitywithin a day of the vulnerability’s disclosure, and the threat has become real with the discovery of a working exploit.
“On September 24, 2021, VMware confirmed reports that CVE-2021-22005 is being exploited in the wild. Security researchers are also reporting mass scanning for vulnerable vCenter Servers and publicly available exploit code. Due to the availability of exploit code, CISA expects widespread exploitation of this vulnerability,” shared the US Cybersecurity and Infrastructure Security Agency (CISA) in anadvisory.
Free for all
Even about a week after VMware putting out the patch for the vulnerability, a report by security vendor Censys shows that there are about 1500 unpatched internet-facing vCenter servers that could be exploited.
Censys’ CTO Derek Abdine toldZDNetthat the security vendor had proven that remote execution of the exploit is fairly straightforward.
Commenting on the significance of the vulnerability, John Bambenek, principal threat hunter at Netenrich, toldZDNetthat remote code execution (RCE) as root on vCenter servers is pretty significant.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“Almost every organization operates virtual machines and if a threat actor has root access, they couldransomevery machine in that environment or steal the data on those virtual machines with relative ease,” opined Bambenek.
ViaZDNet
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
HPE reveals critical security bug affecting networking access points
A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now
Black Friday is three weeks away - here are 18 deals at Amazon you can shop today
