NIST's guidance for a Zero Trust Architecture

Recent AD News

VMware patches critical RCE vulnerability that allowed attackers to execute code remotely

VMware has patched up multiple critical remote code execution (RCE) vulnerability in its ESXi, vCenter Server, and Cloud foundation products. The flaw would allow attackers to run codes and affect systems remotely. This vulnerability, tracked as CVE-2021-21972, is critical in severity as it has a CVSS score of 9.8 out of a maximum of 10.

The company said in its advisory that “A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.”

VMware also addressed another vulnerability that allows unauthorized users to send POST requests that allow for further attacks, including the ability to scan the company’s internal network and retrieve data about the open ports of various services. The company provided workarounds for these flaws until the updates can be deployed. The workaround details can be found here.

Related posts
Recent AD News

2020 recorded the highest number of CVE’s to ever be reported

Recent AD News

Microsoft announces Azure Best Practices and Launches Conditional Access Enhancements

Recent AD News

Accellion Zero-Days Responsible for Recent Data Theft and Extortion Attacks

Recent AD News

SolarWinds Puts the Blame on their Intern for the Supply Chain Attack

Leave a Reply

Your email address will not be published. Required fields are marked *