By Juha Saarinen on Feb 25, 2021 11:27AM
Patches available for no-authentication vulnerability with proof-of-concept.
Administrators are advised to patch their VMware servers as soon as possible, after a proof of concept for a critical remote code execution (RCE) vulnerability that requires no authentication to exploit was released.
Positive Technologies security researcher Mikhail Klyuchnikov reported the RCE vulnerability to VMware in October last year, but kept details of the flaw under wraps.
However, a Chinese security vendor, Noah Lab, published a proof of concept for vCenter RCE today.
Mass scans for the vulnerability are currently taking place, security vendor Bad Packets said.