Remote console access also exists outside of virtual environments. Yes, getting it means the attackers already got somewhere they shouldn't, but it isn't necessarily easy to exploit outside of DoS-attacks.