VMware vCenter Server exploited by threat actors

The VMware vCenter Server Vulnerability

Vulnerabilities detected on the VMware vCenter Server and the VMware Cloud Foundation have been reported to be actively targeted by hackers in the wild. Companies utilizing these software solutions must upgrade as quickly as possible to ensure protection. This warning was recently issued by The US Cybersecurity and Infrastructure Security Agency.

VMware VCenter Server

Two major remote code execution vulnerabilities were patched by VMware on May 25th. Officially tracked as CVE-2021-21985 and CVE-2021-21986, the two flaws, with a severity rating of 9.8 out of 10, are related to the VMware vCenter Server (vCenter Server) and VMware Cloud Foundation (Cloud Foundation).

A risk of malicious actors exploiting the CVE-2021-21985 vulnerability has been recently identified by CISA. In relation to that discovery, the agency recommends to all organizations to apply the latest updates that are available without a delay.

Earlier last month, researchers revealed that CVE-2021-21985 has an impact on the vSphere HTML5 client and when exploited, it enables an attacker to run various malicious commands on the compromised operating system that hosts vCenter Server and even establish control over it.

In its official warning, CISA points out that despite the fact that patches of the vulnerability were created on May 25, 2021, many systems have not applied these patches and are presently an appealing target to attackers because of this. Malicious actors who successfully manage to exploit this flaw may easily gain control of company systems and execute malicious commands without being disturbed.

Aside from the CISA warning, security researchers have shared a disturbing discovery where mass scanning for the VMware vCenter servers has been spotted. According to the findings, a proof of concept exploit targeting VMware vCenter servers through the CVE-2021-21985 vulnerability has been detected.

In relation to the discovery and the official warning of CISA, VMware advised its customers to patch their systems as soon as possible. The software company recommended that organizations with vCenter Servers connected to the internet for management purposes do an audit of their system to identify potential security breaches, since unpatched systems connected to the internet are one of the easiest targets.

More details on the advisory can be found on VMware’s blog post and the FAQ page specially created for that issue.


About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment