VMware has recently addressed a critical unauthenticated RCE vulnerability in View Planner, its free desktop benchmarking client, so servers running the unpatched software could be abused by threat actors for Remote Code Execution (RCE).
Mikhail Klyuchnikov, a web application security expert at Positive Technologies, discovered and reported this security flaw.
The flaw discovered by Mikhail is tracked as CVE-2021-21978 and carries a CVSS score of 8.6 out of 10; an unauthenticated attacker can exploit it without any user interaction.
The root cause of this flaw is improper validation of file extensions, and a successful attack allows an unauthenticated attacker to upload arbitrary files through specially crafted HTTP requests.
Once such a file has been uploaded, the attacker can use it to run malicious code on the vulnerable server.
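To make the flaw class concrete, here is an added example (not View Planner's code, and not from VMware or Positive Technologies) that puts a weak upload extension check next to a hardened one. The extension lists, the upload directory and the file names are constructed for the illustration; the page does not say what View Planner's own check looked like.

```python
import os
import re
import secrets
from typing import Optional

# Constructed illustration of "improper validation of file extensions":
# a weak denylist check of the kind that lets unexpected files through,
# beside an allowlist check that only trusts the final, normalized extension.
# This is not View Planner's code; every list and path below is an assumption.

BLOCKED_EXTENSIONS = (".php", ".jsp", ".exe")        # weak denylist (assumed)
ALLOWED_EXTENSIONS = {"csv", "json", "log", "png"}   # hardened allowlist (assumed)
UPLOAD_DIR = "/srv/uploads"                          # assumed storage location
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]*")


def weak_is_allowed(filename: str) -> bool:
    """Flawed check: a denylist compared case-sensitively against the raw
    client-supplied name. Any spelling the list does not match exactly passes."""
    return not filename.endswith(BLOCKED_EXTENSIONS)


def hardened_extension(filename: str) -> Optional[str]:
    """Return the normalized extension if the upload is acceptable, else None.

    - strips any client-supplied directory components
    - rejects control characters, empty names and dot-leading names
    - considers only the final extension, compared case-insensitively
    - uses an allowlist, so unknown extensions are rejected by default
    """
    if any(ord(c) < 32 for c in filename):
        return None
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base.startswith(".") or not SAFE_NAME.fullmatch(base):
        return None
    root, dot, ext = base.rpartition(".")
    if not dot or not root:
        return None
    ext = ext.lower()
    return ext if ext in ALLOWED_EXTENSIONS else None


def storage_path(filename: str) -> Optional[str]:
    """Server-generated destination: the client never controls the stored name,
    only whether its extension is on the allowlist."""
    ext = hardened_extension(filename)
    if ext is None:
        return None
    return os.path.join(UPLOAD_DIR, f"{secrets.token_hex(16)}.{ext}")


if __name__ == "__main__":
    # Constructed sample upload names: a normal upload, a traversal attempt,
    # a case variant of a blocked extension and a dot-file.
    for name in ["report.csv", "../../etc/x.json", "tool.PHP", ".htaccess"]:
        print(f"{name!r:24} weak={weak_is_allowed(name)!s:5} hardened={storage_path(name)}")
```

The weak check passes `tool.PHP` because its comparison is case-sensitive and its denylist is finite; the hardened check never reaches a decision based on the client's spelling, because it lowercases the final extension, compares it against an allowlist, discards the directory part and stores the file under a server-generated name. Logging every rejection from `hardened_extension` also gives a defender a simple signal for upload abuse attempts.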
Hackers are Finding Vulnerable VMware Servers
According to the reports, Mikhail Klyuchnikov also reported another vulnerability last month, tracked as CVE-2021-21972, a critical Remote Code Execution (RCE) bug in the vCenter Server plugin.
Security analysts have asserted that attackers started searching for vulnerable VMware vCenter servers right after the release of PoC exploit code.
Apart from this, the security search engines Shodan and BinaryEdge have shown more than 20,000 vulnerable vCenter servers.