A Chinese security researcher reports that an unaddressed flaw in vCenter Server, the centralized management utility for VMware, leaves thousands of servers vulnerable to remote attacks without the need for user interaction, according to Cyber Defense Magazine.
VMware has issued an advisory on the vulnerability, designated CVE-2021-21972.
“VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8,” the advisory said. “A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.”
Bad Packets employees have reported an increase in activities searching for vulnerable servers in the aftermath of the flaw’s publication. A query of the Shodan search engine turns up more than 6,700 VMware vCenter servers that are potentially vulnerable to the flaw and can be found online.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.
Organizations remediated security issues added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog 3.5 times faster than those that are not in the catalog, according to The Record, a news site by cybersecurity firm Recorded Future.
Software firms have been urged by the FBI and Cybersecurity and Infrastructure Security Agency to ensure the absence of path traversal or directory traversal vulnerabilities in their products prior to shipping, BleepingComputer reports.