← back
CVE-2021-21972

CVE-2021-21972

CVSS 9.8 CRITICALEPSS 99.6%● KEVCWE-22
In short

A flaw in VMware vCenter Server allows attackers on the network to run unauthorized commands with full control over the server. This is a critical vulnerability that affects multiple versions of vCenter and Cloud Foundation.

Technical detail

The vSphere Client (HTML5) plugin in vCenter Server contains a path traversal or code execution vulnerability accessible over the network (port 443) without authentication. An attacker can exploit this to achieve remote code execution with unrestricted privileges on the underlying OS hosting vCenter Server, affecting versions 7.x, 6.7, and 6.5 before specified patches.

Summary generated and translated by AI from the official description.
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · VMware Cloud Foundationn/a · VMware vCenter Server
public PoCs found32
githubgithub.com/Schira4396/VcenterKiller1475githubgithub.com/NS-Sp4ce/CVE-2021-21972501githubgithub.com/horizon3ai/CVE-2021-21972269githubgithub.com/psc4re/NSE-scripts162githubgithub.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC137githubgithub.com/alt3kx/CVE-2021-2197254githubgithub.com/milo2012/CVE-2021-2197233githubgithub.com/GuayoyoCyber/CVE-2021-2197228githubgithub.com/conjojo/VMware_vCenter_UNAuthorized_RCE_CVE-2021-2197228githubgithub.com/TaroballzChen/CVE-2021-2197220githubgithub.com/orangmuda/CVE-2021-2197211githubgithub.com/B1anda0/CVE-2021-2197211githubgithub.com/Ma1Dong/vcenter_rce11githubgithub.com/yaunsky/CVE-2021-219728githubgithub.com/murataydemir/CVE-2021-219726githubgithub.com/ByZain/CVE-2021-219723githubgithub.com/haidv35/CVE-2021-219723githubgithub.com/pettyhacks/vSphereyeeter3githubgithub.com/renini/CVE-2021-219722githubgithub.com/L-pin/CVE-2021-219721githubgithub.com/robwillisinfo/VMware_vCenter_CVE-2021-219721githubgithub.com/Osyanina/westone-CVE-2021-21972-scanner1githubgithub.com/d3sh1n/cve-2021-219720githubgithub.com/user16-et/cve-2021-21972_PoC0githubgithub.com/JMousqueton/Detect-CVE-2021-219720githubgithub.com/TAI-REx/CVE-2021-219720githubgithub.com/SimoesCTT/CTT-enhanced-VMware-vCenter0exploitdbwww.exploit-db.com/exploits/49602unverifiedcve_referencepacketstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50056unverifiedcve_referencepacketstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.htmlhttp://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21972https://www.vmware.com/security/advisories/VMSA-2021-0002.html