Researchers are sounding the alarm after finding that hackers are scouring the Internet for unpatched VMware servers that have a dangerous code execution vulnerability.
The vSphere Client (HTML5) contains a remote code execution vulnerability (CVE-2021-21972) in a vCenter Server plug-in. This means that an attacker with network access to port 443 (according to VMware) can execute commands with unrestricted privileges on the underlying operating system that hosts the vCenter Server.
Following the release of a patch on February 23, VMware rated the vulnerability 9.8, which places it in the Critical severity range.
The next day, Bad Packets cybersecurity researcher Troy Mursch said hackers were actively looking for vulnerable servers.
“We have detected mass scan activities targeting vulnerable VMware vCenter servers (https://vmware.com/security/advisories/VMSA-2021-0002.html),” Mursch tweeted on Wednesday.