Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability. Thousands of vulnerable servers are reachable over the Internet at the moment, according to the Shodan search engine. The vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of whether you use vSAN or not. Security researchers have also developed and published a proof-of-concept (PoC) RCE exploit code targeting this critical vulnerability.
Source: https://www.bleepingcomputer.com/news/security/attackers-are-scanning-for-vulnerable-vmware-servers-patch-now/