CISA Warns of Critical VMware RCE Flaw Exploited in Attacks

March 10, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical remote code execution (RCE) vulnerability in VMware Cloud Foundation, tracked as CVE-2021-39144. The vulnerability, which VMware has assigned a near-maximum severity score of 9.8/10, can be exploited by unauthenticated threat actors in low-complexity attacks to execute arbitrary code remotely with root privileges on unpatched appliances.

Sina Kheirkhah of MDSec and Steven Seeley of Source Incite discovered the vulnerability, and VMware released security updates to address it on October 25th. CISA has now added CVE-2021-39144 to its Known Exploited Vulnerabilities (KEV) catalog, following confirmation from VMware that the bug is being exploited in the wild. Wallarm reported that active exploitation started on 2022-Dec-08 and has continued since, with over 40,000 attempts to exploit the vulnerability.

"If successfully exploited, the impact of these vulnerabilities could be catastrophic, allowing attackers to execute arbitrary code, steal data, and/or take control of the network infrastructure," said Wallarm. CISA has ordered U.S. federal agencies to secure their systems against attacks within three weeks, by March 31st, and has strongly urged all organizations to patch this bug to protect their servers from ongoing attacks. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said.
