Hackers have discovered an exploit for VMware vCenter vulnerability

(Image credit: Altalex)

A working exploit for a critical vulnerability in VMware vCenter patched last week has been spotted in the wild and is actively being used by threat actors, according to cybersecurity experts.

Tracked as CVE-2021-22005, the vulnerability exists in the analytics service of vCenter Server, and can be exploited to allow attackers to remotely execute malicious code on unpatched vCenter Servers. 

Several security experts had warned of mass scanning activity within a day of the vulnerability’s disclosure, and the threat has become real with the discovery of a working exploit.

“On September 24, 2021, VMware confirmed reports that CVE-2021-22005 is being exploited in the wild. Security researchers are also reporting mass scanning for vulnerable vCenter Servers and publicly available exploit code. Due to the availability of exploit code, CISA expects widespread exploitation of this vulnerability,” shared the US Cybersecurity and Infrastructure Security Agency (CISA) in an advisory

Free for all

Even about a week after VMware putting out the patch for the vulnerability, a report by security vendor Censys shows that there are about 1500 unpatched internet-facing vCenter servers that could be exploited.

Censys’ CTO Derek Abdine told ZDNet that the security vendor had proven that remote execution of the exploit is fairly straightforward.

Commenting on the significance of the vulnerability, John Bambenek, principal threat hunter at Netenrich, told ZDNet that remote code execution (RCE) as root on vCenter servers is pretty significant. 

“Almost every organization operates virtual machines and if a threat actor has root access, they could ransom every machine in that environment or steal the data on those virtual machines with relative ease,” opined Bambenek.

Via ZDNet

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.