VMware warns of critical vRealize flaw exploited in attacks


Mar 13, 2022
VMware updated a security advisory published two weeks ago to warn customers that a now-patched critical vulnerability allowing remote code execution is being actively exploited in attacks.

"VMware has confirmed that exploitation of CVE-2023-20887 has occurred in the wild," the company said today.

This notice follows multiple warnings from cybersecurity firm GreyNoise, the first issued one week after VMware patched the security flaw on June 15 and just two days after security researcher Sina Kheirkhah shared technical details and proof-of-concept exploit code.

"We have observed attempted mass-scanning activity utilizing the Proof-Of-Concept code mentioned above in an attempt to launch a reverse shell which connects back to an attacker controlled server in order to receive further commands," GreyNoise research analyst Jacob Fisher said.

GreyNoise CEO Andrew Morris also alerted VMware admins of this ongoing malicious activity earlier today, which likely prompted VMware to update its advisory.

GreyNoise now provides a dedicated tag to help keep track of IP addresses observed while attempting to exploit CVE-2023-20887.
