Critical RCE bug found in VMware vCenter Server exploited in wild

Attackers are scanning the internet for unpatched VMware vCenter Server instances exposed to a critical remote code execution bug that VMware fixed at the end of last month.


Bad Packets spotted the ongoing activity, and security researcher Kevin Beaumont independently confirmed it.


Mass scanning activity was observed from 104.40.252.159 checking for VMware vSphere hosts vulnerable to remote code execution, according to Troy Mursch, chief research officer at Bad Packets.
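Opportunistic scanning of the kind Bad Packets reported is easy to spot in your own access or proxy logs: one source touches many distinct vCenter hosts within seconds, which a human administrator never does. The following is an added example for this article, not code from Bad Packets or VMware. It assumes a hypothetical log format (ISO timestamp, source IP, destination host, path, HTTP status); the sample lines are constructed for the demo, the scanner address 104.40.252.159 is the one named in the article, and /ui is the path of vCenter's HTML5 client.

```python
"""Spot mass scanning of vCenter hosts in web/proxy access logs.

Added example for this article; it is not code from Bad Packets or VMware.
The log format (ISO timestamp, source IP, destination host, path, HTTP status)
is a hypothetical one, and the sample lines below are constructed for the demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# The source IP Bad Packets reported for the scanning activity.
KNOWN_SCANNER_IPS = {"104.40.252.159"}

# Constructed sample log: the reported scanner, a second source fanning out across
# several vCenter hosts within seconds, and an internal admin using one vCenter.
SAMPLE_LOG = """\
2021-06-04T12:00:01Z 104.40.252.159 vcenter01.example.com /ui/ 200
2021-06-04T12:00:02Z 104.40.252.159 vcenter02.example.com /ui/ 200
2021-06-04T12:00:02Z 104.40.252.159 vcenter03.example.com /ui/ 401
2021-06-04T12:00:03Z 198.51.100.7 vcenter01.example.com /ui/ 200
2021-06-04T12:00:04Z 198.51.100.7 vcenter02.example.com /ui/ 200
2021-06-04T12:00:05Z 198.51.100.7 vcenter03.example.com /ui/ 200
2021-06-04T12:00:06Z 198.51.100.7 vcenter04.example.com /ui/ 200
2021-06-04T12:30:00Z 10.0.0.5 vcenter01.example.com /ui/app/folder 200
2021-06-04T12:31:00Z 10.0.0.5 vcenter01.example.com /ui/app/vm 200
"""


def parse_line(line):
    """Split one hypothetical-format log line into its fields."""
    ts, src, dst, path, status = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": src,
        "dst": dst,
        "path": path,
        "status": int(status),
    }


def max_fan_out(events, window):
    """Largest number of distinct destination hosts one source touched inside
    any span of length `window`. `events` is a list of (timestamp, host)."""
    events = sorted(events)
    best, start = 0, 0
    for end in range(len(events)):
        # Slide the window start forward until it is within `window` of events[end].
        while events[end][0] - events[start][0] > window:
            start += 1
        hosts = {dst for _, dst in events[start:end + 1]}
        best = max(best, len(hosts))
    return best


def find_scanners(lines, window=timedelta(seconds=60), min_hosts=3):
    """Return {source_ip: reason} for sources that look like scanners: either a
    known scanner IP, or a source hitting at least `min_hosts` distinct vCenter
    hosts within `window`. Admins normally use one or two vCenters at a time."""
    per_source = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        per_source[event["src"]].append((event["ts"], event["dst"]))

    flagged = {}
    for src, events in per_source.items():
        if src in KNOWN_SCANNER_IPS:
            flagged[src] = "known scanner IP"
            continue
        fan_out = max_fan_out(events, window)
        if fan_out >= min_hosts:
            seconds = int(window.total_seconds())
            flagged[src] = f"{fan_out} vCenter hosts probed within {seconds}s"
    return flagged


if __name__ == "__main__":
    for src, reason in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {reason}")
```

Tune `min_hosts` and `window` to your estate: a monitoring system that polls every vCenter will trip the fan-out rule, so allowlist it rather than raising the threshold until real scanners slip through.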


Proof-of-concept (PoC) exploit code for the vCenter vulnerability has since been published, which lowers the bar for anyone running these scans.


(Image: Bad Packets Twitter screenshot)

The vulnerability, tracked as CVE-2021-21985 (CVSS 9.8), stems from missing input validation in the Virtual SAN (vSAN) Health Check plug-in, which ships enabled by default in vCenter Server whether or not vSAN is in use. An attacker with network access to port 443 on the vCenter Server can exploit it to execute commands with unrestricted privileges on the underlying operating system. The flaw affects vCenter Server 6.5, 6.7 and 7.0 (and the vCenter component of Cloud Foundation), and was addressed in the same advisory as CVE-2021-21986, an authentication weakness in several vCenter plug-ins.


Although VMware released the fixes on May 25, it is urging customers to treat the update as an emergency change and apply it immediately rather than wait for a maintenance window.


“In this era of ransomware, it is safest to assume that an attacker is already inside the network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible,” VMware said.


Malicious actors have previously used opportunistic mass scanning to look for vulnerable VMware vCenter servers on the internet.


In February, a similar remote code execution flaw, CVE-2021-21972 in vCenter's vRealize Operations plug-in, was targeted within days of VMware's patch by attackers looking to compromise unpatched systems.


At that time, Bad Packets and BinaryEdge counted at least 14,858 vCenter servers reachable over the internet.


Furthermore, according to a Cisco Talos report published earlier this week, the operators of the Python-based Necro bot added an exploit for that same flaw (CVE-2021-21972) so the malware could worm its way into vulnerable vCenter servers and spread further.

Original source: THN