Homesecurity6.700 VMware servers are exposed to the Internet and vulnerable to critical bugs

6.700 VMware servers are exposed to the Internet and vulnerable to critical bugs

More than 6.700 VMware vCenter servers are exposed to Internet and vulnerable to a serious error, which could allow cybercriminals to violate the vulnerable Appliances and take control of entire corporate networks.

VMware servers

According to the company Bad Packets, are already being scanned by criminals for vulnerable VMware vCenter devices.

The scans started yesterday, after the publication proof-of-concept code for one vulnerability named CVE-2021-21972, by a Chinese researcher.

This vulnerability affects it vSphere Client (HTML5), a VMware vCenter plugin, a type of server commonly used in large corporations networks as a management utility, through which IT staff manages VMware products installed on local workstations.

Due to VMware vCenter server within corporate networks, The issue was described as extremely critical and referred to VMware, which was released yesterday patches to deal with it.

However, the publication of the proof-of-concept code by the Chinese researcher and others did not leave much time for Companies apply patch. It also launched a massive scan for vulnerable Vmware servers exposed to Internet, with hackers to rush to violate the systems before rival hacking teams.

The most worrying thing is that exploiting this error is also one-line cURL request, which means that even attackers with little specialization can automate attacks.

According to a Shodan query, More than 6.700 VMware vCenter servers are currently connected to the Internet. All these systems are vulnerable in takeover attacks, if administrators have not installed yesterday updates security.

VMware rated the vulnerability with 9,8 out of 10, in terms of severity, and urges customers update their systems as soon as possible.

Due to the critical role of VMware vCenter servers in corporate networks, a breach of this device could allow hackers to obtain access on any system connected to or associated with the host server.

These types of devices are a favorite target of hackers. They break into the devices and then sell access to ransomware gangs. A lot ransomware groups such as Darkside and RansomExx have been targeting VMware systems since last year.

Source: ZDNet

Digital fortress
Pursue Your Dreams & Live!