Thousands of VMware vCenter servers are currently exposed online and vulnerable to a new attack that can allow hackers to take over devices. The exploit for this bug is a one-line cURL request, which makes it easy for even low-skilled threat actors to automate attacks.
VMware has taken this bug very seriously: it has assigned a severity score of 9.8 out of a maximum of 10 and is now urging customers to update their systems as soon as possible.
Affected products:
- VMware ESXi
- VMware vCenter Server
- VMware Cloud Foundation
Users of these products are well advised to consult the official VMware response page: https://www.vmware.com/security/advisories/VMSA-2021-0002.html
| Field | Value |
|---|---|
| Updated On: | 2021-02-23 (Initial Advisory) |
| CVE(s): | CVE-2021-21972, CVE-2021-21973, CVE-2021-21974 |
| Synopsis: | VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974) |
Twitter user @bad_packets has reported:
We’ve detected mass scanning activity targeting vulnerable VMware vCenter servers (https://vmware.com/security/advisories/VMSA-2021-0002.html).
Query our API for “tags=CVE-2021-21972” for relevant indicators and source IP addresses. #threatintel