Thousands of VMware vCenter servers are currently exposed online and vulnerable to a new attack that can allow hackers to take over devices. The exploit for this bug is a one-line cURL request, which makes it easy even for low-skilled threat actors to automate attacks.
VMware has taken this bug very seriously: it has assigned a severity score of 9.8 out of a maximum of 10 and is now urging customers to update their systems as soon as possible.
Impacted Products
- VMware ESXi
- VMware vCenter Server
- VMware Cloud Foundation
Users of these products are well advised to consult the official VMware response page: https://www.vmware.com/security/advisories/VMSA-2021-0002.html
| Field | Value |
| --- | --- |
| Advisory ID | VMSA-2021-0002 |
| CVSSv3 Range | 5.3-9.8 |
| Issue Date | 2021-02-23 |
| Updated On | 2021-02-23 (Initial Advisory) |
| CVE(s) | CVE-2021-21972, CVE-2021-21973, CVE-2021-21974 |
| Synopsis | VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974) |
Twitter user @bad_packets has reported:
We’ve detected mass scanning activity targeting vulnerable VMware vCenter servers (https://vmware.com/security/advisories/VMSA-2021-0002.html).
Query our API for “tags=CVE-2021-21972” for relevant indicators and source IP addresses. #threatintel