A working exploit for CVE-2021-22005 — a vulnerability with VMware vCenter — has been released and is reportedly being used by threat actors, according to experts tracking the issue.
Last week, VMware warned of a critical vulnerability in the analytics service of vCenter Server and urged users to update their systems as soon as possible.
On September 21, VMware said that its vCenter Server is affected by an arbitrary file upload vulnerability in the Analytics service which would allow a malicious actor with network access to exploit this vulnerability to execute code on vCenter Servers.
By September 24, VMware had confirmed reports that CVE-2021-22005 was being exploited in the wild and dozens of security researchers online reported mass scanning for vulnerable vCenter Servers and publicly available exploit codes.