Threat actors are actively scanning the Internet for VMware vCenter servers affected by a critical remote code execution (RCE) vulnerability tracked as CVE-2021-21985.
The CVE-2021-21985 flaw is caused by the lack of input validation in the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default in the vCenter Server. The vulnerability has received a CVSS score of 9.8 and impacts vCenter Server 6.5, 6.7, and 7.0.
“The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server.” reads the advisory published by the virtualization giant. “A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.”
According to the virtualization giant, a remote attacker can exploit the issue to gain access to vCenter installs exposed online, whether or not the customer uses vSAN.
The scanning activity was first reported by the threat intelligence firm Bad Packets.
The availability of proof-of-concept (PoC) exploit code for the CVE-2021-21985 RCE makes it easy for threat actors to target vulnerable installs.
At the time of this writing, thousands of vulnerable vCenter servers are still exposed online.
VMware customers have to patch their systems immediately to prevent threat actors from exploiting vulnerabilities affecting the solutions of the virtualization giant.