Three weeks after the company disclosed two critical vulnerabilities in the workload management utility, many organizations have still not patched the technology, a security vendor says.

Thousands of VMware vCenter Server instances affected by two recently disclosed vulnerabilities remain publicly accessible on the Internet three weeks after the company urged organizations to patch the flaws immediately, citing their severity. The flaws, CVE-2021-21985 and CVE-2021-21986, give attackers a way to take complete control of systems running vCenter Server, the utility for centrally managing VMware vSphere virtual server environments. The vulnerabilities exist in vCenter Server versions 6.5, 6.7, and 7.0. “The vulnerabilities are critical and can result in complete system takeover via remote code exploitation,” Sigler says. The flaws are also relatively easy to exploit for any attacker with even a rudimentary understanding of HTTP and so-called REST application programming interfaces. “An attacker wouldn’t even need specialized tools or software, as an entire attack can be performed with standard tools like ‘curl,’” Sigler says.
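The practical question for a defender reading this is whether a given vCenter is still on a vulnerable build. The script below is an added example, not code from the article, from VMware, or from the vendor quoted above. It uses the fact that vCenter's SOAP endpoint at /sdk answers RetrieveServiceContent without authentication and returns the server's version and build number, which is the same information an Internet-wide scanner would see. The fixed build numbers in FIXED_BUILDS are my recollection of the VMSA-2021-0010 releases (7.0 U2b, 6.7 U3n, 6.5 U3p) and are an assumption to verify against the advisory; the embedded SAMPLE_RESPONSE is constructed for offline testing and describes a pre-fix 7.0 build.

```python
"""Check whether a vCenter Server build includes the fix for
CVE-2021-21985 / CVE-2021-21986 (VMSA-2021-0010).

Added example; not VMware's or the article author's code.
"""
import ssl
import sys
import urllib.request
import xml.etree.ElementTree as ET
from typing import Optional

# ASSUMPTION: fixed builds per release train as I recall them from
# VMSA-2021-0010 (7.0 U2b, 6.7 U3n, 6.5 U3p). Verify against the advisory.
FIXED_BUILDS = {
    "7.0": 17958471,
    "6.7": 18010531,
    "6.5": 17994927,
}

# Unauthenticated vSphere API call that returns ServiceContent, including <about>.
RETRIEVE_SERVICE_CONTENT = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
    ' xmlns:urn="urn:vim25"><soapenv:Body><urn:RetrieveServiceContent>'
    '<urn:_this type="ServiceInstance">ServiceInstance</urn:_this>'
    '</urn:RetrieveServiceContent></soapenv:Body></soapenv:Envelope>'
)

# Constructed sample of a RetrieveServiceContent response from a 7.0 U1 server
# (build 16749653), i.e. older than the 7.0 U2b fix.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<RetrieveServiceContentResponse xmlns="urn:vim25"><returnval>
<rootFolder type="Folder">group-d1</rootFolder>
<about>
<name>VMware vCenter Server</name>
<fullName>VMware vCenter Server 7.0.0 build-16749653</fullName>
<vendor>VMware, Inc.</vendor>
<version>7.0.0</version>
<build>16749653</build>
<apiType>VirtualCenter</apiType>
<apiVersion>7.0.0.1</apiVersion>
</about>
</returnval></RetrieveServiceContentResponse>
</soapenv:Body></soapenv:Envelope>"""


def parse_about(soap_xml: bytes) -> dict:
    """Return the children of <about> (fullName, version, build, ...) as a dict.
    Tags are compared without their namespace so both default-namespace and
    prefixed responses parse."""
    root = ET.fromstring(soap_xml)
    about = next((el for el in root.iter() if el.tag.split("}")[-1] == "about"), None)
    if about is None:
        raise ValueError("no <about> element in RetrieveServiceContent response")
    return {child.tag.split("}")[-1]: (child.text or "").strip() for child in about}


def is_fixed(version: str, build: int) -> Optional[bool]:
    """True if build is at or past the fixed build for the version's train,
    False if older, None if the train is not in FIXED_BUILDS (e.g. 6.0, which
    was out of support and received no fix)."""
    train = ".".join(version.split(".")[:2])
    fixed = FIXED_BUILDS.get(train)
    if fixed is None:
        return None
    return build >= fixed


def assess(soap_xml: bytes) -> dict:
    """Parse a response and decide whether the server is on a fixed build."""
    about = parse_about(soap_xml)
    version = about.get("version", "")
    build = int(about.get("build", "0"))
    return {"fullName": about.get("fullName", ""), "version": version,
            "build": build, "fixed": is_fixed(version, build)}


def fetch_service_content(host: str, verify_tls: bool = False) -> bytes:
    """POST RetrieveServiceContent to https://host/sdk and return the raw XML.
    TLS verification is off by default because vCenter commonly serves a
    self-signed certificate; turn it on when you have the CA."""
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        f"https://{host}/sdk",
        data=RETRIEVE_SERVICE_CONTENT.encode(),
        headers={"Content-Type": "text/xml; charset=utf-8",
                 "SOAPAction": "urn:vim25/6.5"},
        method="POST",
    )
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.read()


if __name__ == "__main__":
    # Usage: python vcenter_check.py <vcenter-host>; with no argument the
    # constructed sample is assessed instead.
    xml = fetch_service_content(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RESPONSE
    print(assess(xml))
```

Because the build is exposed without credentials, anything you can learn with this script an attacker scanning the Internet can learn too; a vCenter that answers /sdk from a public address is exactly the population the article is counting, whether or not it has been patched.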