
Cybersecurity researchers from threat intelligence firm Bad Packets revealed that 6,700 servers running software from enterprise software provider VMware are exposed online and vulnerable to cyberattacks. Threat actors can exploit the unsecured servers to deploy malware onto unpatched devices and compromise entire corporate networks.
We’ve detected mass scanning activity targeting vulnerable VMware vCenter servers (https://t.co/t3Gv2ZgTdt).
Query our API for “tags=CVE-2021-21972” for relevant indicators and source IP addresses. #threatintel https://t.co/AcSZ40U5Gp
— Bad Packets (@bad_packets) February 24, 2021
The researchers said they have identified mass scanning activity by cybercriminals targeting vulnerable VMware servers. In addition, a Chinese security researcher published proof-of-concept code for the vulnerability, CVE-2021-21972, in VMware servers.
Products affected by the CVE-2021-21972 flaw include:
- VMware ESXi
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
VMware Fixes the Issues
VMware issued security fixes for multiple flaws including CVE-2021-21973, CVE-2021-21974, and CVE-2021-21972. “Multiple vulnerabilities in VMware ESXi and vSphere Client (HTML5) were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products,” VMware said.
The remote code execution vulnerabilities in the vCenter Server plugin could allow a malicious actor with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system that hosts the vCenter Server.
VMware stated that more than 6,700 vCenter servers online are now vulnerable to takeover attacks if administrators fail to apply the patches. The company urged customers to update their systems as soon as possible to avoid any cyber risks.
Ransomware Operators Exploit VMware Flaws
According to a recent report, ransomware operators are exploiting two previously known vulnerabilities in VMware ESXi, tracked as CVE-2019-5544 and CVE-2020-3992, to target their victims’ virtual hard disks. ESXi is a solution that allows multiple virtual machines to share the same hard drive storage.