After security researchers developed and published proof-of-concept (PoC) exploit code targeting a critical vCenter Remote Code Execution (RCE) vulnerability, attackers are now actively searching for vulnerable VMware servers exposed on the Internet.
The scanning activity was detected by threat intelligence firm Bad Packets just one day after VMware patched the critical vulnerability.
Thousands of unpatched vCenter servers are still accessible via the Internet, according to information from BinaryEdge (over 14,000 exposed servers) and Shodan (over 6,700).
Mikhail Klyuchnikov of Positive Technologies found the bug (CVE-2021-21972) in Fall 2020 and privately reported it to VMware in October 2020.
Positive Technologies had delayed the release of all technical details until a later date to give companies enough time to patch their vCenter servers or block public access to them.
They, however, decided to publish yesterday after at least two PoC exploits for the …