CVE-2021-21972

VMware vCenter Server Remote Code Execution Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

El VSphere Client (HTML5) contiene una vulnerabilidad de ejecución de código remota en un plugin de vCenter Server. Un actor malicioso con acceso de red al puerto 443 puede explotar este problema para ejecutar comandos con privilegios no restringidos en el sistema operativo subyacente que aloja vCenter Server. Esto afecta a VMware vCenter Server (versiones 7.x anteriores a 7.0 U1c, versiones 6.7 anteriores a 6.7 U3l y versiones 6.5 anteriores a 6.5 U3n) y VMware Cloud Foundation (versiones 4.x anteriores a 4.2 y versiones 3.x anteriores a 3.10.1.2)

VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-04 CVE Reserved
2021-02-23 First Exploit
2021-02-24 CVE Published
2021-11-03 Exploited in Wild
2021-11-17 KEV Due Date
2024-08-03 CVE Updated
2024-09-03 EPSS Updated

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (32)

URL	Tag	Source
https://swarm.ptsecurity.com/unauth-rce-vmware
https://twitter.com/jas502n/status/1364810720261496843
https://twitter.com/_0xf4n9x_/status/1364905040876503045
https://twitter.com/HackingLZ/status/1364636303606886403
https://kb.vmware.com/s/article/2143838
https://nmap.org/nsedoc/scripts/vmware-version.html

URL	Date	SRC
https://www.exploit-db.com/exploits/50056	2021-06-24
https://www.exploit-db.com/exploits/49602	2021-03-01
https://github.com/NS-Sp4ce/CVE-2021-21972	2023-06-08
https://github.com/horizon3ai/CVE-2021-21972	2021-02-25
https://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC	2021-03-01
https://github.com/alt3kx/CVE-2021-21972	2021-02-25
https://github.com/milo2012/CVE-2021-21972	2021-03-01
https://github.com/B1anda0/CVE-2021-21972	2021-02-25
https://github.com/TaroballzChen/CVE-2021-21972	2021-03-07
https://github.com/GuayoyoCyber/CVE-2021-21972	2021-03-03
https://github.com/orangmuda/CVE-2021-21972	2022-03-07
https://github.com/yaunsky/CVE-2021-21972	2021-02-24
https://github.com/murataydemir/CVE-2021-21972	2021-04-06
https://github.com/ByZain/CVE-2021-21972	2021-03-04
https://github.com/haidv35/CVE-2021-21972	2021-08-02
https://github.com/renini/CVE-2021-21972	2021-02-25
https://github.com/L-pin/CVE-2021-21972	2021-02-26
https://github.com/ZTK-009/CVE-2021-21972	2021-02-28
https://github.com/TAI-REx/CVE-2021-21972	2021-02-25
https://github.com/JMousqueton/Detect-CVE-2021-21972	2021-02-27
https://github.com/Osyanina/westone-CVE-2021-21972-scanner	2021-03-20
http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html	2024-08-03
http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html	2024-08-03
http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html	2024-08-03
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/vmware_vcenter_uploadova_rce.rb	2021-02-23

URL	Date	SRC

URL	Date	SRC
https://www.vmware.com/security/advisories/VMSA-2021-0002.html	2021-02-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Vmware Search vendor "Vmware"		Cloud Foundation Search vendor "Vmware" for product "Cloud Foundation"				>= 3.0 < 3.10.1.2 Search vendor "Vmware" for product "Cloud Foundation" and version " >= 3.0 < 3.10.1.2"		-		Affected
Vmware Search vendor "Vmware"		Cloud Foundation Search vendor "Vmware" for product "Cloud Foundation"				>= 4.0 < 4.2 Search vendor "Vmware" for product "Cloud Foundation" and version " >= 4.0 < 4.2"		-		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		-		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		a		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		b		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		c		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		d		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		e		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		f		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		update1d		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		update1e		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		update1g		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		update2		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		update2b		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		update2c		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		update2d		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		update2g		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		update3		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		update3d		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		update3f		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5"		update3k		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		-		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		a		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		b		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		d		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		update1		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		update1b		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		update2		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		update2a		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		update2c		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		update3		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		update3a		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		update3b		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		update3f		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		update3g		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7"		update3j		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				7.0 Search vendor "Vmware" for product "Vcenter Server" and version "7.0"		-		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				7.0 Search vendor "Vmware" for product "Vcenter Server" and version "7.0"		a		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				7.0 Search vendor "Vmware" for product "Vcenter Server" and version "7.0"		b		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				7.0 Search vendor "Vmware" for product "Vcenter Server" and version "7.0"		c		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				7.0 Search vendor "Vmware" for product "Vcenter Server" and version "7.0"		d		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				7.0 Search vendor "Vmware" for product "Vcenter Server" and version "7.0"		update1		Affected
Vmware Search vendor "Vmware"		Vcenter Server Search vendor "Vmware" for product "Vcenter Server"				7.0 Search vendor "Vmware" for product "Vcenter Server" and version "7.0"		update1a		Affected