A working exploit for a critical vulnerability in VMware (opens in new tab) vCenter patched last week (opens in new tab) has been spotted in the wild and is actively being used by threat actors, according to cybersecurity (opens in new tab) experts.
Tracked as CVE-2021-22005, the vulnerability exists in the analytics service of vCenter Server, and can be exploited to allow attackers to remotely execute malicious code on unpatched vCenter Servers.
Several security experts had warned of mass scanning activity (opens in new tab) within a day of the vulnerability’s disclosure, and the threat has become real with the discovery of a working exploit.
- These are the best ransomware protection tools (opens in new tab)
- Protect your devices with these best antivirus software (opens in new tab)
- We've put together a list of the best endpoint protection (opens in new tab) software
“On September 24, 2021, VMware confirmed reports that CVE-2021-22005 is being exploited in the wild. Security researchers are also reporting mass scanning for vulnerable vCenter Servers and publicly available exploit code. Due to the availability of exploit code, CISA expects widespread exploitation of this vulnerability,” shared the US Cybersecurity and Infrastructure Security Agency (CISA) in an advisory (opens in new tab).
Free for all
Even about a week after VMware putting out the patch for the vulnerability, a report by security vendor Censys shows that there are about 1500 unpatched internet-facing vCenter servers that could be exploited.
Censys’ CTO Derek Abdine told ZDNet that the security vendor had proven that remote execution of the exploit is fairly straightforward.
Commenting on the significance of the vulnerability, John Bambenek, principal threat hunter at Netenrich, told ZDNet that remote code execution (RCE) as root on vCenter servers is pretty significant.
“Almost every organization operates virtual machines and if a threat actor has root access, they could ransom (opens in new tab) every machine in that environment or steal the data on those virtual machines with relative ease,” opined Bambenek.
- Here’s our roundup of the best patch management tools (opens in new tab)
Via ZDNet (opens in new tab)