On February 23, 2021, VMWare announced that it had fixed several vulnerabilities in its VMWare vCenter and ESXi products. The vulnerabilities consisted of critical unauthenticated remote code execution (RCE), server-side forgery request (SSRF), and a heap overflow vulnerability in the OpenSLP protocol. VMWare published the advisory on February 23rd with patch updates and workarounds. In addition, several Exploit Proofs of Concepts (POCs) for one or more of the vulnerabilities were released on the evening of February 24th. TRT Intel strongly recommends that you ensure that the updates or workarounds are implemented as the successful compromise could have ramifications and consequences. TRT Intel is also aware of ransomware and possible government sponsored activities that have exploited vulnerabilities in VMWare products in previous campaigns.


Threat and technical data

On February 23, 2021, VMWare announced that it had fixed several vulnerabilities in its VMWare …



Source link

Leave a Reply