Security researchers have developed and published proof-of-concept exploit code targeting a critical vCenter remote code execution (RCE) vulnerability. Thousands of unpatched vCenter servers are still reachable over the Internet, according to information provided by BinaryEdge (14,000 exposed servers) and Shodan (over 6,700) Researchers found the bug (CVE-2021-21972) during the fall of 2020 and reported it privately to VMware in October 2020. Successful exploitation of this security bug allows attackers to take over an organization’s entire network.
Source: https://www.bleepingcomputer.com/news/security/attackers-scan-for-vulnerable-vmware-servers-after-poc-exploit-release/