Thousands of instances of VMware vCenter Servers with two recently disclosed vulnerabilities in them remain publicly accessible on the Internet three weeks after the company urged organizations to immediately patch the flaws, citing their severity.
The flaws, CVE-2021-21985 and CVE-2021-21986, basically give attackers a way to take complete control of systems running vCenter Server, a utility for centrally managing VMware vSphere virtual server environments. The vulnerabilities exist in vCenter Server versions 6.5, 6.7, and 7.0.
VMware released patches addressing the vulnerabilities on May 25. At the time, the company urged organizations with affected versions of the software to apply the patches quickly because of the high level of risk the flaws presented to enterprise security. "The decision on how to proceed is up to you," the company had noted in an advisory at the time. "However, given the severity, we strongly recommend that you act."
Yet three weeks after that announcement — and a subsequent warning of exploit activity from the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) — many vulnerable vCenter Server instances remain unpatched and open to attack, according to Trustwave. The company recently conducted a search on Shodan to see how many vulnerable instances of the utility it could find that were still accessible over the Internet.
The sear ..
Support the originator by clicking the read the rest link below.
