A serious vulnerability in VMware servers has just received a fix. However, right after the patch was rolled out, a PoC exploit for it appeared online, and adversaries have now begun actively scanning for vulnerable VMware servers to compromise.
VMware Servers Vulnerability
Reportedly, VMware has recently fixed a critical vulnerability that poses a serious security threat to vulnerable devices.
Specifically, the bug, CVE-2021-21972, affects the vSphere Client. It is a critical-severity bug with a CVSS score of 9.8. Describing the vulnerability in its advisory, VMware stated:
A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
The vulnerability was first discovered by Mikhail Klyuchnikov of Positive Technologies last year; the researcher reported it to VMware in October 2020.
However, VMware addressed the vulnerability only recently, alongside patches for two other bugs. One of these, CVE-2021-21974, is a high-severity heap overflow vulnerability in VMware ESXi with a CVSS score of 8.8; exploiting it allows remote code execution.
The second, CVE-2021-21973, is a server-side request forgery (SSRF) bug in a vCenter Server plugin. It is rated medium severity, with a CVSS score of 5.3.
Immediate Patch Needed For CVE-2021-21972
Although the vendor had known about the vulnerability since last year, no details appeared online, as the researchers withheld them to give users as much time as possible to apply the updates.
However, they had to make an emergency disclosure right after the fix was released, because at the same time a Chinese researcher publicly shared a PoC exploit for the critical flaw.
Consequently, criminal hackers began mass scanning for vulnerable VMware servers to exploit.
This vulnerability therefore requires immediate attention from administrators, who should update their servers. Since Positive Technologies has also published the technical details, network security personnel can work out additional defenses for this bug, such as restricting which networks can reach port 443 on vCenter Server while the update is pending, given that network access to that port is the prerequisite VMware's advisory describes.