A fully working exploit for the critical CVE-2021-22005 remote code-execution (RCE) vulnerability in VMware vCenter is now public and being exploited in the wild.
Released on Monday by Rapid7 security engineer William Vu (who goes by the Twitter handle wvu), this one’s different from the incomplete proof-of-concept (PoC) exploit that began making the rounds on Friday. This variant can be used to open a reverse shell on a vulnerable server, allowing remote attackers to execute arbitrary code.
The vulnerability can be exploited by unauthenticated, remote users and allows attackers to upload a file to the vCenter Server analytics service.
Source: ThreatPost