Hackers are targeting and exploiting a VMware vCenter Server vulnerability tracked as CVE-2021-22005. If MSPs and MSSPs fail to patch the software for customers, then cybercriminals with network access to port 443 can exploit the vulnerability to execute malicious code on vCenter Servers, according to a Cybersecurity and Infrastructure Security Agency (CISA) alert.
VMware disclosed the vulnerability on September 21. A follow-on VMware statement, released September 24, confirmed reports of active exploitation in the wild. CISA added:
"Security researchers are also reporting mass scanning for vulnerable vCenter Servers and publicly available exploit code. Due to the availability of exploit code, CISA expects widespread exploitation of this vulnerability."
How to Patch VMware vCenter Server Vulnerability
Amid those warnings, CISA is urging critical infrastructure entities and other organizations with affected vCenter Server versions to upgrade their software. It is encouraging these organizations to leverage VMware patches to address the vulnerability. If the fix can't be applied immediately, organizations can apply a temporary vCenter Server workaround provided by VMware, CISA said.
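The practical problem behind that advice is deciding, across a fleet, which vCenter instances to patch first: an unpatched server whose port 443 is reachable from untrusted networks is the one CISA's warning is really about. The script below is an added example, not code from the article, CISA or VMware. It assumes a constructed inventory of hosts, a per-host flag (from your own firewall review) saying whether port 443 is reachable from untrusted networks, and placeholder "fixed version" thresholds per release line that must be replaced with the fixed builds listed in VMware's advisory for CVE-2021-22005, which the article does not reproduce.

```python
"""Triage a vCenter inventory for CVE-2021-22005 patch status and exposure.

Added example (not from the article, CISA or VMware). The inventory below
is constructed, and FIXED_VERSION holds placeholder thresholds that must be
replaced with the fixed versions from VMware's advisory.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# PLACEHOLDER thresholds keyed by release line ("major.minor"). Replace with
# the fixed versions from the VMware advisory before using this for real.
FIXED_VERSION = {
    "7.0": (7, 0, 2, 500),    # placeholder, confirm against the advisory
    "6.7": (6, 7, 0, 49000),  # placeholder, confirm against the advisory
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '7.0.2.00400' into a comparable tuple."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def release_line(version: Tuple[int, ...]) -> str:
    """'7.0.2.400' -> '7.0', the key used to look up the fixed threshold."""
    return f"{version[0]}.{version[1]}"


def is_patched(version_text: str) -> Optional[bool]:
    """True if at/above the fixed version for its line, False if below,
    None if the release line is not in the table (needs manual review)."""
    v = parse_version(version_text)
    fixed = FIXED_VERSION.get(release_line(v))
    if fixed is None:
        return None
    # Pad both tuples to equal length so '7.0.3' compares sanely with
    # '7.0.2.500' instead of relying on tuple-length quirks.
    width = max(len(v), len(fixed))
    return v + (0,) * (width - len(v)) >= fixed + (0,) * (width - len(fixed))


@dataclass
class Host:
    name: str
    version: str
    port_443_reachable_from_untrusted: bool  # from your firewall review


def triage(hosts: List[Host]) -> List[Tuple[str, int, str]]:
    """Return (name, priority, reason) tuples, most urgent first.

    1: unpatched and reachable on 443 from untrusted networks
    2: unpatched but 443 restricted (patch or apply VMware's workaround)
    3: release line not in the table, review against the advisory
    4: at or above the fixed version
    """
    out = []
    for h in hosts:
        patched = is_patched(h.version)
        if patched is False and h.port_443_reachable_from_untrusted:
            out.append((h.name, 1, "unpatched and exposed on 443: patch or apply workaround now"))
        elif patched is False:
            out.append((h.name, 2, "unpatched: patch or apply VMware workaround"))
        elif patched is None:
            out.append((h.name, 3, "release line not in table: check advisory manually"))
        else:
            out.append((h.name, 4, "at or above fixed version"))
    return sorted(out, key=lambda t: t[1])


# Constructed sample inventory; these are not real hosts or real findings.
SAMPLE = [
    Host("vc-prod-01", "7.0.2.00400", True),
    Host("vc-lab-02", "6.7.0.48000", False),
    Host("vc-new-03", "7.0.2.00500", True),
    Host("vc-old-04", "6.5.0.30000", False),
]

if __name__ == "__main__":
    for name, prio, reason in triage(SAMPLE):
        print(f"P{prio} {name}: {reason}")
```

The ordering is the point: the exposed, unpatched host comes out first, the unpatched but network-restricted one second (it still needs the patch or the VMware workaround, just with less urgency), and anything on a release line you have not mapped is surfaced for manual review rather than silently treated as safe.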