"Attackers Target Critical VMware Bug"
The remote code execution vulnerability, tracked as CVE-2021-22005 and contained by VMware's vCenter Server, is being targeted by malicious actors. Security researchers have seen different actors running mass scans for vulnerable instances. According to the security firm Censys, over 3,200 potentially vulnerable vCenter Server instances exposed to the Internet have been identified. The exploitation of the vulnerability could allow a remote attacker to upload an arbitrary file without authentication. It impacts versions 6.7 and 7.0 of vCenter Server, and versions 3.x and 4.x of Cloud Foundation. VMware released information on a workaround to mitigate the vulnerability. Attacks involving this vulnerability have also prompted the U.S. Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) to issue an advisory urging organizations to update immediately. As exploit code is publicly available, CISA expects this vulnerability to be widely exploited. This article continues to discuss the exploitation of the VMware bug and other key findings from the analysis of the flaw.