The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in VMware Cloud Foundation to its Known Exploited Vulnerabilities (KEV) catalog. The remote code execution (RCE) vulnerability, CVE-2021-39144, was discovered in October 2022 in the XStream open-source library used by Cloud Foundation. VMware gives the vulnerability a CVSS score of 9.8. Unauthenticated attackers can exploit it to execute arbitrary code remotely with root privileges, without any user interaction.
VMware has already released updates that fix the vulnerability, but CISA added it to the KEV catalog after confirming that it has been exploited in real attacks. On March 6, the information security company Wallarm reported that exploitation of CVE-2021-39144 began just a few weeks after the security updates were released. Over the past two months, the vulnerability has been exploited more than 40,000 times; active exploitation began on December 8, 2022 and continues to this day.
Experts at Wallarm have warned that if the vulnerability is exploited, the consequences can be catastrophic. Cybercriminals can execute arbitrary code, steal data and gain control over network infrastructure. As a result, CISA has urged all US federal agencies to protect their systems against potential attacks by March 31.