VMWare vCenter Vulnerability Subject to Exploitation
Published on
October 5, 2021

On Tuesday, September 21, VMware released a patch advisory for a new remote code execution (RCE) vulnerability in VMware vCenter Server tracked as CVE-2021-22005.  Partial proof of concept (PoC) exploit code for CVE-2021-22005 has surfaced publicly and threat actors have begun to scan the internet for publicly accessible vulnerable vCenter Servers. Although the full working exploit for CVE-2021-22005 is not in the public domain, we expect threat actors to quickly fill in the gaps and begin exploiting this vulnerability in targeted ransomware attacks. Exploitation of CVE-2021-22005 can allow a threat actor with direct network access to a vulnerable system to remotely execute malicious code of their choosing.  Customers should patch all vulnerable vCenter servers as soon as possible.

IT Mentorship in Your Inbox

Subscribe and stay up to date on the latest insights, expert advice, and happenings in IT.