Roughly 20,000 VMware ESXi servers that are apparently unpatched against an exploited vulnerability are accessible from the internet, data from The Shadowserver Foundation shows. The flaw is an authentication bypass that allows threat actors to gain full access to a vulnerable ESXi instance. Threat actors such as Storm-0506, Storm-1175, Octo Tempest, and Manatee Tempest, Microsoft said, exploited the vulnerability in multiple attacks, in some cases deploying ransomware such as Akira and Black Basta. Although it is a medium-severity bug, its ongoing exploitation by multiple threat actors makes applying the available patches an urgent matter for all organizations.

Read more: https://www.securityweek.com/exploited-vulnerability-could-impact-20k-internet-exposed-vmware-esxi-instances/