Advintel cybersecurity experts: Malware operators now target exposed RDP connections to gain an initial foothold and exploit CVE-2018-8453 and CVE-2019-1069.
VMware released updates to fix multiple vulnerabilities. The riskiest was CVE-2021-21972.
VMware has released security updates to address multiple vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974) in ESXi, vCenter Server, and Cloud Foundation. A remote attacker could exploit some of them to take control of an affected system. This was announced by the US Cybersecurity & Infrastructure Security Agency (CISA). The riskiest was CVE-2021-21972. It was caused by gaps in the validation of user input by the vROP plugin in the VMware vCenter Server web application. Through these gaps, an unauthenticated remote attacker able to reach vCenter services on the HTTP/HTTPS ports could execute arbitrary code on the target system, thereby accessing the data center infrastructure management systems.