Cyber security researchers have discovered that over 6,700 servers of enterprise software major VMware are currently exposed online, are connected to the internet and vulnerable to new bugs by hackers.
ZDNet reported that the exposed servers can let hackers slip malware into unpatched devices and take over companies’ entire networks. “We’ve detected mass scanning activity targeting vulnerable VMware vCenter servers,” threat intelligence firm Bad Packets said in a tweet late on Wednesday..
A Chinese security researcher has also published a proof-of-concept code on their blog for a vulnerability in VMware servers billed as “CVE-2021-21972”. This vulnerability impacts vSphere Client (HTML5), a plugin of VMware vCenter, a type of server usually deployed inside large enterprise networks.
“It is a centralised management utility through which IT personnel manage VMware products installed on local workstations”.
Another cyber security firm PT Swarm tweeted: “VMware fixed an Unauth RCE in vCenter (CVE-2021-21972) found by our researcher Mikhail Klyuchnikov”.
The issue has been classified as “highly critical” and privately reported to VMware, which has released official patches, the report noted. “Making matters worse, the exploit for this bug is also a one-line cURL request, which makes it easy even for low-skilled threat actors to automate attacks,” it added.
More than 6,700 VMware vCenter servers are currently connected to the internet and “are now vulnerable to takeover attacks if administrators failed to apply the CVE-2021-21972 patches”.
VMware has urged customers to update their systems as soon as possible.