vCenter is experiencing a code execution flaw that leaves it open to cyber attack
If you’re an admin responsible for a vCenter machine, you need to apply the latest patch immediately!
There is currently a code execution flaw in vCenter that is exploitable and allowing cyber criminals to install a web shell.
The severity of this vulnerability is rated as a 9.8 out of 10. It is listed as being under active exploitation.
This vulnerability is tracked as CVE-2021-21985.
A VMware advisory was published last week that states that vCenter machines that are using default configurations have a bug that, in many networks, allows for the execution of malicious code when the machines are on a port that is exposed to the internet.
This is a high priority issue that should be addressed immediately.
Researchers attempting to exploit this vulnerability have published their ability to modify and gain remote code execution with as little as a single mouse click.
If white hat researchers are able to manipulate this vulnerability that quickly, then cyber criminals are as well.
As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648
RHYNO Networks was designed to meet the needs of the IT marketplace. Specifically, to offer businesses skilled, timely IT services in order for them to focus on their business. We’re dedicated to the principles of Reliability, Innovation and Customer Service.