CISA Warns of Critical VMware RCE Flaw Exploited in Attacks
March 10, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical Remote Code Execution (RCE) vulnerability in VMware's Cloud Foundation, tracked as CVE-2021-39144. VMware assigned the vulnerability a near-maximum severity score of 9.8/10. Unauthenticated threat actors can exploit it in low-complexity attacks to execute arbitrary code remotely with root privileges on unpatched appliances.
Sina Kheirkhah of MDSec and Steven Seeley of Source Incite discovered the vulnerability, and VMware released security updates to address it on October 25th. CISA has now added CVE-2021-39144 to its Known Exploited Vulnerabilities (KEV) catalog, following confirmation from VMware that the bug is being exploited in the wild. Wallarm reported that active exploitation started on December 8, 2022 and has been ongoing since, with over 40,000 attempts to exploit the vulnerability.
"If successfully exploited, the impact of these vulnerabilities could be catastrophic, allowing attackers to execute arbitrary code, steal data, and/or take control of the network infrastructure," said Wallarm. CISA has ordered U.S. federal agencies to secure their systems against attacks within three weeks, by March 31st, and has strongly urged all organizations to patch this bug to protect their servers from ongoing attacks. "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said.