"Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet"
Thousands of VMware vCenter Servers containing two recently disclosed critical vulnerabilities are still publicly accessible on the Internet three weeks after the company called on organizations to patch the flaws. Exploitation of the vulnerabilities, CVE-2021-21985 and CVE-2021-21986, could allow attackers to take complete control of systems running vCenter Server, the utility for central management of VMware vSphere virtual server environments. The flaws are present in vCenter Server versions 6.5, 6.7, and 7.0. On May 25, VMware released patches that address the vulnerabilities and urged organizations running impacted versions of the software to apply them immediately because of the high level of risk the flaws pose to enterprise security. Despite VMware's warning and the release of an advisory by the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) pertaining to exploit activity, many organizations have still not patched the flaws, leaving many vulnerable vCenter Server instances open to attack. A Shodan search by the security vendor Trustwave found a total of 5,271 instances of VMware vCenter Server publicly exposed to the Internet, 4,019 of which were confirmed to contain the two flaws identified by VMware last month. Trustwave also revealed that another 942 hosts were found running old and end-of-life vCenter Server versions. Karl Sigler, senior security research manager at Trustwave SpiderLabs, says it is easy for attackers with a basic understanding of HTTP and so-called REST application programming interfaces to exploit the two flaws. An attacker would not need specialized tools or software, since the attack can be performed using standard tools such as curl. This article continues to discuss the vulnerability of thousands of VMware vCenter Server instances to attack and why many affected vCenter Servers remain unpatched.
Dark Reading reports "Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet"