VMware vCenter under widespread attack

By

Users advised to urgently patch multiple flaws.

A set of vulnerabilities in the VMware vCenter virtualisation management platform and the company's Cloud Foundation are under active attack currently with users strongly adviced to patch their instances as soon as possible.

VMware vCenter under widespread attack

The bugs allow for remote code execution, with proof-of-concept code for one of them now being published on social media that uses built-in UNIX shell tools for exploitation.

Other proof-of-concept code is appearing for the other VMware vulnerabilities, but researchers are holding back on publishing full details to allow admins to patch their installations first.

Security researchers have detected mass exploitation attempts taking place.

VMWare has acknowledged the multiple critical vulnerabilities in its vCenter Server and Cloud Foundation products, and is advising customers to act immediately to remedy the bugs as not doing so may have serious ramifications.

The company has also confirmed the vulnerabilities are being exploited in the wild currently.

Updates are available from VMware that resolve the vulnerabilities, the most serious of which is a vCenter file upload bug that's rated as 9.8 out of a maximum 10 severity on the Common Vulnerabilities and Exposures (CVE) list. The bug allows for remote code execution.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?