Attackers are actively exploiting a critical vulnerability in VMware vCenter Server that exposes affected enterprise networks to the risk of infiltration.
The arbitrary file upload flaw (CVE-2021-22005) – one of a raft of vCenter vulnerabilities addressed by software updates released on September 21 – can be abused regardless of configuration settings, says VMware.
The situation was serious enough to prompt the US Cybersecurity and Infrastructure Security Agency (CISA) to warn on Friday (September 24) that “widespread exploitation” was likely after remote code execution (RCE) exploits surfaced online.
On the same day, threat intelligence firm Bad Packets reported that it had indeed detected “mass scanning activity” against its VMware honeypots. VMware also updated its security advisory that day to acknowledge that in-the-wild exploitation had been detected.
CISA has urged organizations with vulnerable installations to update their systems as soon as possible and apply a temporary workaround provided by VMware in the meantime.