CVE-2021-22005

Description from NVD

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

Information Acquisition Date:2021-10-18T14:30Z
CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

NVD References

 https://www.vmware.com/security/advisories/VMSA-2021-0020.html
     source:MISC
     tags:Patch    Vendor Advisory    
 http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIP-Service-File-Upload.html
     source:MISC
     tags:

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: VMware(7 tweets)

List of frequently cited URLs

URLNum of Times Referred to
http://twinybots.ch34
https://lists.astaro.com/ASGV9-IPS-rules.html#024
https://zpr.i21
https://www.freethreatintel.com11
https://threatpost.com/working-exploit-vmware-vcenter-cve-2...7
https://www.rapid7.com/blog/post/2021/09/21/critical-vcente...6
https://testbnull.medium.com/quick-note-of-vcenter-rce-cve-...6
https://ift.tt/3zZwG1P5
https://securityaffairs.co/wordpress/122454/security/vmware...5
https://bit.ly/3ugUywB4
https://censys.io/blog/vmware-cve-2021-22005-technical-impa...4
http://mi6rogue.com/blog4
https://kb.vmware.com/s/article/857174
https://attackerkb.com/topics/15E0q0tdEZ/cve-2021-22005/rap...4
https://news.mynavi.jp/article/20210929-1985495/4
https://www.vmware.com/security/advisories/VMSA-2021-0020.html4
https://gist.github.com/testanull/c2f6fd061c496ea90ddee151d...4
https://www.greynoise.io/blog/cve-2021-220054
https://www.securityweek.com/vmware-vcenter-servers-hacker-...4
https://blog.malwarebytes.com/exploits-and-vulnerabilities/...4
https://zpr.io/XhHuf7hTtmhh3
https://buff.ly/3nYzCJr3
https://github.com/projectdiscovery/nuclei-templates/blob/f...3
http://izumino.jp/Security/sec_trend.cgi?ref=tw&ref_date=20...3
https://twitter.com/GossiTheDog/status/14404356448749813933
https://core.vmware.com/vmsa-2021-0020-questions-answers-faq3
https://tweetedtimes.com/Pentest101MX?s=tnp3
https://us-cert.cisa.gov/ncas/current-activity/2021/09/24/v...3
https://thehackernews.com/2021/09/vmware-warns-of-critical-...3
https://www.helpnetsecurity.com/2021/09/22/cve-2021-22005/3
https://www.bleepingcomputer.com/news/security/hackers-are-...3
https://ipssignatures.appspot.com/?cve=CVE-2021-220053

Information from Twitter

User URL Info Source Date
Ripple7643 https://twitter.com/Ripple7643/status/1640525340886851587/p... Source Ripple7643       1640525342958862337 2023/03/28
Ripple1911 https://twitter.com/Ripple1911/status/1640623461939703809/p... Source Ripple1911       1640623463462236160 2023/03/28
RikiTerre https://twitter.com/RikiTerre/status/1644091024711512064/ph... Source RikiTerre        1644091027152617476 2023/04/07
ChenikaYetunde https://twitter.com/ChenikaYetunde/status/16441159407017902... Source ChenikaYetunde   1644115942660624386 2023/04/07
ChanequaShannah https://twitter.com/ChanequaShannah/status/1645261606740164... Source ChanequaShannah 1645261608799617026 2023/04/10
TriciaBrit67302 https://twitter.com/TriciaBrit67302/status/1646560331710201... Source TriciaBrit67302 1646560334788821011 2023/04/14

List of frequently cited URLs

URLNum of Times Referred to
twinybots.ch34
lists.astaro.com24
zpr.i21
www.freethreatintel.com11
threatpost.com7
www.rapid7.com6
testbnull.medium.com6
ift.tt5
securityaffairs.co5
bit.ly4
censys.io4
mi6rogue.com4
kb.vmware.com4
attackerkb.com4
news.mynavi.jp4
www.vmware.com4
gist.github.com4
www.greynoise.io4
www.securityweek.com4
blog.malwarebytes.com4
zpr.io3
buff.ly3
github.com3
izumino.jp3
twitter.com3
core.vmware.com3
tweetedtimes.com3
us-cert.cisa.gov3
thehackernews.com3
www.helpnetsecurity.com3
www.bleepingcomputer.com3
ipssignatures.appspot.com3

Information from Twitter

User URL Info Source
Ripple7643 twitter.com Show Tweet
Ripple1911 twitter.com Show Tweet
RikiTerre twitter.com Show Tweet
ChenikaYetunde twitter.com Show Tweet
ChanequaShannah twitter.com Show Tweet
TriciaBrit67302 twitter.com Show Tweet
GitHub Search Results: Up to 10
NameURL
r0ckysec/CVE-2021-22005 https://github.com/r0ckysec/CVE-2021-22005
rwincey/CVE-2021-22005 https://github.com/rwincey/CVE-2021-22005
5gstudent/CVE-2021-22005- https://github.com/5gstudent/CVE-2021-22005-
1ZRR4H/CVE-2021-22005 https://github.com/1ZRR4H/CVE-2021-22005
X1pe0/VMWare-CVE-Check https://github.com/X1pe0/VMWare-CVE-Check
TheTh1nk3r/exp_hub https://github.com/TheTh1nk3r/exp_hub
TaroballzChen/CVE-2021-22005-metasploit https://github.com/TaroballzChen/CVE-2021-22005-metasploit
Anonymous-ghost/AttackWebFrameworkTools https://github.com/Anonymous-ghost/AttackWebFrameworkTools
RedTeamExp/CVE-2021-22005_PoC https://github.com/RedTeamExp/CVE-2021-22005_PoC
pisut4152/Sigma-Rule-for-CVE-2021-22005-scanning-activity https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-22005-scanning-activity
GitHub Search Results: Up to 10
NameURL
r0ckysec/CVE-2021-22005 github.com
rwincey/CVE-2021-22005 github.com
5gstudent/CVE-2021-22005- github.com
1ZRR4H/CVE-2021-22005 github.com
X1pe0/VMWare-CVE-Check github.com
TheTh1nk3r/exp_hub github.com
TaroballzChen/CVE-2021-22005-metasploit github.com
Anonymous-ghost/AttackWebFrameworkTools github.com
RedTeamExp/CVE-2021-22005_PoC github.com
pisut4152/Sigma-Rule-for-CVE-2021-22005-scanning-activity github.com
2023/04/14 Score : 0
Added Har-sia Database : 2021/09/22
Last Modified : 2023/04/14
Highest Scored Date : 2021/09/23
Highest Score : 167