Fresh bug in VMware vCenter is already under attack


An exploit for the recently fixed RCE vulnerability in VMware vCenter (CVE-2021-22005) has been published online. Experts warned that hackers had already adopted the exploit.

CVE-2021-22005 was disclosed last week, when VMware engineers announced a fix and recommended that users install the updates as soon as possible: the vulnerability is rated critical, with a CVSS score of 9.8 out of 10. It affects machines running vCenter Server versions 6.7 and 7.0.

According to information security company Bad Packets, network scanning in search of vulnerable machines began last week. The attacks came from Canada, the United States, Romania, the Netherlands, China and Singapore.

Bad Packets specialist Troy Mursch told Bleeping Computer that the attacks recorded by the company’s honeypots used code based on an incomplete exploit previously published by Vietnamese security researcher Jang.

Jang studied the VMware patch and the company’s proposed workarounds, then published an article with his findings on the vulnerability, along with a PoC exploit (which was incomplete and did not achieve remote code execution). Alas, these details were enough for the hackers to create their own working exploit for CVE-2021-22005, which allows remote code execution with root rights.

Jang told Bleeping Computer that he believed it would take an average attacker about an hour to create a working and reliable version of the exploit. He strongly recommends that administrators protect against CVE-2021-22005 attacks as soon as possible.

The researcher also posted a video demonstrating how an attacker could exploit the vulnerability.

IoT search engines currently find thousands of VMware vCenter Server instances reachable from the Internet: Shodan finds more than 5,000 hosts, and Censys about 6,800. Of course, not all of these servers are vulnerable to CVE-2021-22005. For example, Censys notes that 3,264 hosts are “potentially vulnerable,” while 436 have already been patched.
