VMware vCenter under widespread attack

By

Users advised to urgently patch multiple flaws.

A set of vulnerabilities in the VMware vCenter virtualisation management platform and the company's Cloud Foundation are under active attack currently with users strongly adviced to patch their instances as soon as possible.

VMware vCenter under widespread attack

The bugs allow for remote code execution, with proof-of-concept code for one of them now being published on social media that uses built-in UNIX shell tools for exploitation.

Other proof-of-concept code is appearing for the other VMware vulnerabilities, but researchers are holding back on publishing full details to allow admins to patch their installations first.

Security researchers have detected mass exploitation attempts taking place.

VMWare has acknowledged the multiple critical vulnerabilities in its vCenter Server and Cloud Foundation products, and is advising customers to act immediately to remedy the bugs as not doing so may have serious ramifications.

The company has also confirmed the vulnerabilities are being exploited in the wild currently.

Updates are available from VMware that resolve the vulnerabilities, the most serious of which is a vCenter file upload bug that's rated as 9.8 out of a maximum 10 severity on the Common Vulnerabilities and Exposures (CVE) list. The bug allows for remote code execution.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Top US diplomat impersonated with AI by unknown actor

Top US diplomat impersonated with AI by unknown actor

UK police arrest four over cyberattacks on M&S, Co-op and Harrods

UK police arrest four over cyberattacks on M&S, Co-op and Harrods

Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks

Log In

  |  Forgot your password?