CVE-2021-21973 – VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2021-21973
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). El VSphere Client (HTML5) contiene una vulnerabilidad SSRF (Server Side Request Forgery) debido a una comprobación inapropiada de las URL en un plugin de vCenter Server. Un actor malicioso con acceso de red al puerto 443 puede explotar este problema mediante el envío de una petición POST al plugin vCenter Server conllevando a una divulgación de información. • https://github.com/freakanonymous/CVE-2021-21973-Automateme https://www.vmware.com/security/advisories/VMSA-2021-0002.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-21972 – VMware vCenter Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-21972
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). El VSphere Client (HTML5) contiene una vulnerabilidad de ejecución de código remota en un plugin de vCenter Server. Un actor malicioso con acceso de red al puerto 443 puede explotar este problema para ejecutar comandos con privilegios no restringidos en el sistema operativo subyacente que aloja vCenter Server. • https://www.exploit-db.com/exploits/50056 https://www.exploit-db.com/exploits/49602 https://github.com/NS-Sp4ce/CVE-2021-21972 https://github.com/horizon3ai/CVE-2021-21972 https://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC https://github.com/alt3kx/CVE-2021-21972 https://github.com/milo2012/CVE-2021-21972 https://github.com/B1anda0/CVE-2021-21972 https://github.com/TaroballzChen/CVE-2021-21972 https://github.com/GuayoyoCyber/CVE-2021-21972 https • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-3994
https://notcve.org/view.php?id=CVE-2020-3994
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates. VMware vCenter Server (versiones 6.7 anteriores a 6.7u3, versiones 6.6 anteriores a 6.5u3k), contiene una vulnerabilidad de secuestro de sesión en la función de actualización de la vCenter Server Appliance Management Interface debido a la falta de comprobación del certificado. Un actor malicioso con posicionamiento de red entre vCenter Server y un repositorio de actualizaciones puede ser capaz de realizar un secuestro de sesión cuando la vCenter Server Appliance Management Interface es usado para descargar actualizaciones de vCenter • https://www.vmware.com/security/advisories/VMSA-2020-0023.html • CWE-295: Improper Certificate Validation •
CVE-2020-3976
https://notcve.org/view.php?id=CVE-2020-3976
VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3. VMware ESXi y vCenter Server, contienen una vulnerabilidad de denegación de servicio parcial en sus respectivos servicios de autenticación. VMware ha evaluado que la gravedad de este problema se encuentra en el rango de gravedad Moderada con una puntuación base máxima de CVSSv3 de 5.3. • https://www.vmware.com/security/advisories/VMSA-2020-0018.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-3952 – VMware vCenter Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3952
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. Bajo determinadas condiciones, vmdir que se entrega con VMware vCenter Server, como parte de un Platform Services Controller (PSC) incorporado o externo, no implementa correctamente los controles de acceso. VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information. • https://www.exploit-db.com/exploits/48535 https://github.com/bb33bb/CVE-2020-3952 https://github.com/commandermoon/CVE-2020-3952 https://github.com/gelim/CVE-2020-3952 http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html https://www.vmware.com/security/advisories/VMSA-2020-0006 https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952 https://www.vmware.com/security/advisories/VMSA-2020-0006.html https://github.com/HynekPetrak • CWE-306: Missing Authentication for Critical Function •