Over 6,700 VMware Servers Vulnerable to Takeover Attacks

Researchers found active scans for 6,700 VMware servers, which are exposed online and vulnerable to takeover attacks.

Cybersecurity researchers from threat intelligence firm Bad Packets revealed that 6,700 servers running software from enterprise software provider VMware are exposed online and vulnerable to cyberattacks. Threat actors can exploit the unsecured servers to deploy malware on unpatched devices and compromise entire corporate networks.

The researchers said they have identified mass scanning activity by cybercriminals targeting vulnerable VMware servers. In addition, a Chinese security researcher published proof-of-concept code for a vulnerability, CVE-2021-21972, in VMware servers.

Products affected by the CVE-2021-21972 flaw include:

  • VMware ESXi
  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Foundation (Cloud Foundation)

VMware Fixes the Issues

VMware issued security fixes for multiple flaws including CVE-2021-21973, CVE-2021-21974, and CVE-2021-21972. “Multiple vulnerabilities in VMware ESXi and vSphere Client (HTML5) were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products,” VMware said.

The remote code execution vulnerabilities in the vCenter Server plugin could allow a malicious actor with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system that hosts the vCenter Server.

VMware stated that more than 6,700 vCenter servers online are now vulnerable to takeover attacks if administrators have failed to apply the patches. The company urged customers to update their systems as early as possible to avoid any cyber risks.

Ransomware Operators Exploit VMWare Flaws

According to a recent report, ransomware operators are exploiting two previously known vulnerabilities in VMware ESXi, logged under CVE-2019-5544 and CVE-2020-3992, to target their victims’ virtual hard disks. ESXi is a solution that allows multiple virtual machines to share the same hard drive storage.