.. / CVE-2021-21972

Exploit for VMware vSphere Client (HTML5) - Remote Code Execution (CVE-2021-21972)

Description:

VMware vCenter vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

Nuclei Template

View the template here CVE-2021-21972.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-21972.yaml

References:

http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html
https://www.vmware.com/security/advisories/VMSA-2021-0002.html
https://nvd.nist.gov/vuln/detail/CVE-2021-21972
https://swarm.ptsecurity.com/unauth-rce-vmware/
https://github.com/NS-Sp4ce/CVE-2021-21972

.. / CVE-2021-21972 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for VMware vSphere Client (HTML5) - Remote Code Execution (CVE-2021-21972)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-21972