| Alert |
VMware ESXi Servers are the target of a recent ransomware campaign. This global threat, dubbed “ESXiArgs,” appear to be targeting unpatched and unprotected instances of VMware ESXi.
| Who is Affected / Which CVEs are Involved? |
The primary impact is to organizations that are running unpatched versions of ESXi, where attackers also have direct access to ESXi management interfaces.
It is very likely that attackers are using any vulnerability accessible to them, but the media has speculated about the involvement of these specific CVEs:
- CVE-2022-31699
- CVE-2021-21995
- CVE-2021-21974
- CVE-2020-3992
- CVE-2019-5544
| What do I Need to Do |
Organizations that are running versions of software older than current releases are at risk and should be updated to the latest versions immediately. Customer security personnel should make assessments of more nuanced situations; for assistance with security assessments please engage VMware Professional Services.
| Additional Questions |
For more information on this threat or to learn about how the Advanced Security Team works with clients to mitigate threats like this, don’t hesitate to reach out or schedule a call.
