CVE-2021-21972 – VMware vCenter Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-21972
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). El VSphere Client (HTML5) contiene una vulnerabilidad de ejecución de código remota en un plugin de vCenter Server. Un actor malicioso con acceso de red al puerto 443 puede explotar este problema para ejecutar comandos con privilegios no restringidos en el sistema operativo subyacente que aloja vCenter Server. • https://www.exploit-db.com/exploits/50056 https://www.exploit-db.com/exploits/49602 https://github.com/NS-Sp4ce/CVE-2021-21972 https://github.com/horizon3ai/CVE-2021-21972 https://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC https://github.com/alt3kx/CVE-2021-21972 https://github.com/milo2012/CVE-2021-21972 https://github.com/B1anda0/CVE-2021-21972 https://github.com/TaroballzChen/CVE-2021-21972 https://github.com/GuayoyoCyber/CVE-2021-21972 https • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-21974 – VMware ESXi SLP Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-21974
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution. OpenSLP como es usado en ESXi (versiones 7.0 anteriores a ESXi70U1c-17325551, versiones 6.7 anteriores a ESXi670-202102401-SG, versiones 6.5 anteriores a ESXi650-202102101-SG), presenta una vulnerabilidad de desbordamiento de la pila. Un actor malicioso que reside dentro del mismo segmento de red que ESXi y que presenta acceso al puerto 427 puede desencadenar el problema de desbordamiento de la pila en el servicio OpenSLP, resultando en una ejecución de código remota This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of VMware ESXi. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SLP messages. • https://github.com/Shadow0ps/CVE-2021-21974 https://github.com/n2x4/Feb2023-CVE-2021-21974-OSINT http://packetstormsecurity.com/files/162957/VMware-ESXi-OpenSLP-Heap-Overflow.html https://www.vmware.com/security/advisories/VMSA-2021-0002.html https://www.zerodayinitiative.com/advisories/ZDI-21-250 • CWE-787: Out-of-bounds Write •
CVE-2020-4004
https://notcve.org/view.php?id=CVE-2020-4004
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. VMware ESXi (versiones 7.0 anteriores a ESXi70U1b-17168206, versiones 6.7 anteriores a ESXi670-202011101-SG, versiones 6.5 anteriores a ESXi650-202011301-SG), Workstation (versiones 15.x anteriores a 15.5.7), Fusion (versiones 11.x anteriores a 11.5.7), contienen una vulnerabilidad de uso de la memoria previamente liberada en el controlador USB XHCI. Un actor malicioso con privilegios administrativos locales en una máquina virtual puede explotar este problema para ejecutar código como el proceso VMX de la máquina virtual que se ejecuta en el host • https://www.vmware.com/security/advisories/VMSA-2020-0026.html • CWE-416: Use After Free •
CVE-2020-4005
https://notcve.org/view.php?id=CVE-2020-4005
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004) VMware ESXi (versiones 7.0 anteriores a ESXi70U1b-17168206, versiones 6.7 anteriores a ESXi670-202011101-SG, versiones 6.5 anteriores a ESXi650-202011301-SG), contiene una vulnerabilidad de escalada de privilegios que se presenta en la manera en que son administradas determinadas llamadas del sistema. Un actor malicioso con privilegios dentro del proceso VMX únicamente, puede escalar sus privilegios en el sistema afectado. • https://www.vmware.com/security/advisories/VMSA-2020-0026.html •
CVE-2020-3993
https://notcve.org/view.php?id=CVE-2020-3993
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node. VMware NSX-T (versiones 3.x anteriores 3.0.2, versiones 2.5.x anteriores a 2.5.2.2.0), contiene una vulnerabilidad de seguridad que se presenta en la manera en que permite que un host KVM descargue e instale paquetes desde el administrador de NSX. Un actor malicioso con posicionamiento MITM puede ser capaz de explotar este problema para comprometer el nodo de transporte • https://www.vmware.com/security/advisories/VMSA-2020-0023.html •