The critical VMware vCenter Server vulnerability CVE-2021-21985 is being actively exploited in the wild. There have been several successful exploits of the 9.8/10 severity vulnerability, and at least one reliable exploit for the flaw is now in the public domain.

VMware issued an advisory about the flaw in the last week in May and urged users to patch promptly to avoid exploitation. The flaw is now being exploited by at least one threat actor to install a web shell on unpatched machines. The flaw affects vCenter Servers with the default configuration, which can be reached on an Internet-exposed port. An unauthenticated attacker can remotely exploit the flaw to achieve code execution. One exploit in the public domain has been confirmed as reliable and can be tweaked and used for malicious purposes.

On Friday last week, security researcher Kevin Beaumont said one of his honeypots that was set up with an unpatched version of vCenter was scanned by remote systems and the CVE-2021-21985 vulnerability was exploited to deliver a web shell. The web shell would allow a remote attacker to have the same control over the machine as a local administrator. Beaumont was one of several researchers to report their honeypots were being scanned for vulnerable vCenter servers.

VMware issued a patch to correct the critical vulnerability in VMware vCenter Server and VMware Cloud Foundation on May 25, 2021.