The security flaws disclosed by VMware on Tuesday have several serious implications for any organization using vCenter. Our sensors show vCenter instances in 79% of enterprise environments.
As a VMware spokesperson acknowledged, chances are that someone is already on your network looking for an avenue to perform remote code execution, and these VMware security flaws provide exactly that and more. The most critical, CVE-2021-22005, allows an attacker to execute both commands and software on any unpatched device. Other vulnerabilities provide additional avenues for remote code execution and privilege escalation. Chained together, these vulnerabilities could allow someone to inflict significant damage in a short period of time.
With the announcement of these security flaws, the clock is running on when PoCs will become available for exploitation. The first step is to heed VMware's advice: patch these devices as soon as possible. The second step is to closely monitor your network for any anomalous activity that may indicate a device has already been compromised.