Code-execution flaw in VMware has a severity rating of 9.8 out of 10

by
Dan Goodin
from Ars Technica - All content on (#5ENSD)
red-alert-800x533.jpg

Enlarge (credit: Getty Images)

Hackers are mass-scanning the Internet in search of VMware servers with a newly disclosed code-execution vulnerability that has a severity rating of 9.8 out of a possible 10.

CVE-2021-21974, as the security flaw is tracked, is a remote code-execution vulnerability in VMware vCenter server, an application for Windows or Linux that administrators use to enable and manage virtualization of large networks. Within a day of VMware issuing a patch, proof-of-concept exploits appeared from at least six different sources. The severity of the vulnerability, combined with the availability of working exploits for both Windows and Linux machines, sent hackers scrambling to actively find vulnerable servers.

We've detected mass scanning activity targeting vulnerable VMware vCenter servers (https://vmware.com/security/advisories/VMSA-2021-0002.html)," researcher Troy Mursch of Bad Packets wrote.

Read 7 remaining paragraphs | Comments

index?i=kW5gV8MbxSI:Yx1KKPJIW6E:V_sGLiPB index?i=kW5gV8MbxSI:Yx1KKPJIW6E:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments