CVE-2021-21972

Description from NVD

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

Information Acquisition Date: 2021-04-27T11:06Z
CVSS 2.0: 10.0 HIGH CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

NVD References

 https://www.vmware.com/security/advisories/VMSA-2021-0002.html
     source: CONFIRM
     tags: Vendor Advisory
 http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html
     source: MISC
     tags: Third Party Advisory, VDB Entry
 http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html
     source: MISC
     tags: Exploit, Third Party Advisory, VDB Entry

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE Information | Exploits or more Information
mitre | EXPLOIT DATABASE
NVD | 0day.today
vulmon.com | github
CVE Details | Twitter
JVN ENG JPN
Reconshell

Software Tag: Linux(1 tweets) VMware(4 tweets) vSphere(1 tweets)



List of frequently cited URLs

URL Num of Times Referred to
http://vulmon.com/vulnerabilitydetails?qid=CVE 2911
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so... 250
https://lists.astaro.com/ASGV9-IPS-rules.html 17
https://www.vmware.com/security/advisories/VMSA-2021-0002.html 9
http://t.me/gobies 8
https://swarm.ptsecurity.com/unauth-rce-vmware/ 8
https://www.pentera.io/blog/information-disclosure-in-vmwar... 7
http://noahblog.360.cn/vcenter-6-5-7-0-rce-lou-dong-fen-xi/ 7
http://travaux.ovh.net/?do=details&id=49280 7
https://vfeed.io 6
https://arstechnica.com/information-technology/2021/02/arme... 6
https://reconshell.com/cve-2021-21972-vcenter-rce-vulnerabi... 5
https://www.lac.co.jp/lacwatch/alert/20210226_002451.html 4
https://www.jpcert.or.jp/at/2021/at210011.html 4
https://securityaffairs.co/wordpress/115001/hacking/cve-202... 4
https://www.securityweek.com/hackers-scanning-vmware-vcente... 4
https://securityboulevard.com/2021/02/attackers-collaborate... 4
https://ift.tt/3dHq1S8 3
https://github.com/maazsyed/CVE-PoC-Exploits/tree/master/CV... 3
https://twitter.com/ptswarm/status/1364283310281785350 3
https://kb.vmware.com/s/article/82374 3
https://www.shodan.io/search?query=http.title%3A%22ID_VC_We... 3
https://www.zdnet.com/article/more-than-6700-vmware-servers... 3
https://attackerkb.com/topics/lrfxAJ9nhV/vmware-vsphere-cli... 3
https://blog.rapid7.com/2021/02/24/VMware-vcenter-server-cv... 3
https://www.tenable.com/blog/cve-2021-21972-vmware-vcenter-... 3
https://thehackernews.com/2021/02/critical-rce-flaw-affects... 3
https://www.helpnetsecurity.com/2021/02/25/cve-2021-21972/?... 3

Information from Twitter

User URL Info Source Date
ipssignatures https://twitter.com/mertcangokgoz/status/1621613393084928001 Source ipssignatures 1621782107021271045 2023/02/04
kalinga https://www.vmware.com/security/advisories/VMSA-2021-0002.html Source kalinga 1622209899295019008 2023/02/05
GeorgeWest3112 https://www.vmware.com/security/advisories/VMSA-2021-0002.html Source GeorgeWest3112 1622950364113694721 2023/02/07
an0ngh05t https://twitter.com/an0ngh05t/status/1624594465829650434/vi... Source an0ngh05t 1624594465829650434 2023/02/12
edxpmen99 https://lnkd.in/erT29ipJ Source edxpmen99 1628379805937704961 2023/02/22
dark_sky_intel https://github.com/NS-Sp4ce/CVE-2021-21972/blob/main/payloa... Source dark_sky_intel 1628923795342860290 2023/02/24
an0ngh05t None Source an0ngh05t 1632781788756967430 2023/03/07

GitHub Search Results: Up to 10
Name URL
NS-Sp4ce/CVE-2021-21972 https://github.com/NS-Sp4ce/CVE-2021-21972
horizon3ai/CVE-2021-21972 https://github.com/horizon3ai/CVE-2021-21972
QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC https://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC
alt3kx/CVE-2021-21972 https://github.com/alt3kx/CVE-2021-21972
psc4re/NSE-scripts https://github.com/psc4re/NSE-scripts
milo2012/CVE-2021-21972 https://github.com/milo2012/CVE-2021-21972
conjojo/VMware_vCenter_UNAuthorized_RCE_CVE-2021-21972 https://github.com/conjojo/VMware_vCenter_UNAuthorized_RCE_CVE-2021-21972
GuayoyoLabs/CVE-2021-21972 https://github.com/GuayoyoLabs/CVE-2021-21972
yaunsky/CVE-2021-21972 https://github.com/yaunsky/CVE-2021-21972
B1anda0/CVE-2021-21972 https://github.com/B1anda0/CVE-2021-21972

2023/03/07 Score : 0
Added Har-sia Database : 2021/02/24
Last Modified : 2023/03/07
Highest Scored Date : 2021/02/25
Highest Score : 186