- Hackers are scanning for servers yet to be patched.
- The security flaw could facilitate more unauthenticated attacks.
- Researchers are yet to discover exploit code that could capitalize on the bug.
Following the vulnerability in flagship products reported yesterday, there is a new development: threat actors have found a way to reach VMware servers that admins are yet to patch.
If exploited, the security flaw named CVE-2021-22005 has the potential to facilitate unauthenticated, remote code execution attacks without user interaction.
In an era where attackers are continuously evolving and employing new methods, it is strongly recommended that you patch as soon as possible, as attackers could be lurking anywhere from your network to your user account.
Just a matter of time
The threat actors must have been very active, as it was only a matter of time before malicious users began scanning for the unpatched servers.
This is not the first time attackers have taken advantage of an admin who took too long to patch their vCenter servers and swooped in to attack immediately after a vulnerability was reported. You can bet that this will not be the last time either.
This year, there have been two similar incidents. Admins can relax a bit, as with CVE-2021-22005 there is no exploit code yet that the attackers could use to capitalize on the bug. This does not mean that they should take the matter less seriously.
Any admin who is yet to patch their system should do so promptly as we wait for a solution to address the bug.
Have you been in a position where you were too late to do something, and it led to exposing your system to vulnerabilities? Share your incident in the comment section below.