Cyber criminals are scanning the internet for VMware vCenter servers that remain unpatched against a critical remote code execution flaw that was addressed at the end of last month.

The ongoing activity was detected by Bad Packets and confirmed by security researcher Kevin Beaumont.

Troy Mursch, chief research officer at Bad Packets, tweeted that mass scanning activity was detected from 104.40.252.159 checking for VMware vSphere hosts vulnerable to remote code execution.

Proof-of-concept (PoC) RCE exploit code targeting the VMware vCenter bug has been published.

The bug, tracked as CVE-2021-21985 (CVSS score 9.8), is a consequence of a lack of input validation in the Virtual SAN (vSAN) Health Check plug-in, which could be abused by a threat actor to execute commands with unrestricted privileges on the underlying operating system that hosts the vCenter Server.

VMware rectified the flaw on May 25, and users are strongly recommended to apply the emergency change immediately.

This is not the first time malicious actors have opportunistically mass scanned the internet for vulnerable VMware vCenter servers. A similar remote code execution vulnerability (CVE-2021-21972), which VMware patched in February, was targeted in order to exploit and take control of unpatched systems.

At least 14,858 vCenter servers were found reachable over the internet at the time, according to Bad Packets and Binary Edge.

The post Critical RCE bug in VMware vCenter Server under active attack first appeared on Cybersafe News.
