Critical Vulnerability in VMware vCenter Server Actively Attacked

Attackers are actively exploiting a critical vulnerability in VMware vCenter Server and VMware Cloud Foundation that makes it possible to take over vulnerable systems remotely. On May 25, VMware released security updates, but there are still unpatched servers. These are an attractive target for attackers, according to the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security.


The vulnerability, CVE-2021-21985 , has been rated 9.8 on a scale of 1 to 10 in terms of impact. VCenter is a solution for managing virtual machines and virtualized servers and comes standard with the vSAN plug-in. This plugin does not adequately verify user input, allowing an attacker with remote access to the vCenter server to execute arbitrary code. It does not matter whether vSAN is used or not.


Although security updates to fix the problem have been available since May 25, attackers are now actively exploiting the vulnerability to take over systems , the CISA warns . Security company Bad Packets also reports that attackers are looking for vulnerable servers on a large scale. An exploit to exploit the vulnerability can now be found on the internet. Organizations are therefore advised to install the patches and to apply a workaround if that is not
possible.

Previous Post Next Post