The CISA catalogue of security flaws exploited in the wild has increased, with an addition of a critical severity vulnerability in VMware’s Cloud Foundation. The vulnerability inclusion decision was followed by VMware’s confirmation that the vulnerability is being exploited in the wild.
Wallarm, a cybersecurity firm, affirmed that a vulnerability tracked as CVE-2021-39144 has been actively exploited in the wild since December 2022, a few weeks after the release of security updates, which a statement by VMware followed.
“Updated advisory with information that VMware has received reports of exploitation activities in the wild involving CVE-2021-39144.” Said VMware in a Thursday update to the original advisory.
Further discoveries from Wallarm have reported over 40,000 exploitations in the last two months, from 8th December 2022. Wallarm have expressed concerns in a statement about the possible attack outcome.
“If successfully exploited, the impact of their vulnerabilities could be catastrophic, allowing attackers to execute arbitrary codes, steal data, and/or take control of the network infrastructure.”
The severity of the vulnerability discovered in the Xstream open-source library utilized by VMware’s products was rated 9.8/10 and treated with urgency dues to the risks attached. According to explanations from VMware, a threat actor needs no authentication to exploit the flaw in a low-complexity attack requiring no user interaction in the remote execution of arbitrary code. CISA has ordered the U.S. federal agencies to tighten system security against attacks for three weeks to enable them to thwart all attacks targeting their network.
CISA warned the vulnerabilities are frequent attack vectors for malicious cyber actors and pose a significant risk to the federal enterprise. It has led the cyber security agent to go beyond the November 2021 binding operational directive (BOD 22-01) to urge all organizations to secure their servers against ongoing attacks actively.
