CVE-2021-21972
Description
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
Severity: CRITICAL
CVE ID: CVE-2021-21972
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-21972
Refrence: Project Discovery GitHub
psc4re
NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473
Refrence: GitHub
QmF0c3UK
Refrence: GitHub
NS-Sp4ce
CVE-2021-21972 Exploit
Refrence: GitHub
yaunsky
Refrence: GitHub
horizon3ai
Proof of Concept Exploit for vCenter CVE-2021-21972
Refrence: GitHub
Osyanina
A vulnerability scanner that detects CVE-2021-21972 vulnerabilities.
Refrence: GitHub
alt3kx
Refrence: GitHub
milo2012
CVE-2021-21972
Refrence: GitHub
Udyz
CVE-2021-21972 vCenter-6.5-7.0 RCE POC
Refrence: GitHub
conjojo
VMware vCenter 未授权RCE(CVE-2021-21972)
Refrence: GitHub
L-pin
Refrence: GitHub
B1anda0
VMware vCenter Server远程代码执行漏洞 (CVE-2021-21972)批量检测脚本
Refrence: GitHub
renini
CVE-2021-21972
Refrence: GitHub
stevenp322
Refrence: GitHub
GuayoyoCyber
Nmap script to check vulnerability CVE-2021-21972
Refrence: GitHub
JMousqueton
Refrence: GitHub
robwillisinfo
VMware vCenter CVE-2021-21972 Tools
Refrence: GitHub
Ma1Dong
漏洞利用,Vmware vCenter 6.5-7.0 RCE(CVE-2021-21972),上传冰蝎3,getshell
Refrence: GitHub
d3sh1n
Refrence: GitHub
ByZain
CVE-2021-21972 related vulnerability code
Refrence: GitHub
TaroballzChen
CVE-2021-21972 Unauthorized RCE in VMware vCenter metasploit exploit script
Refrence: GitHub
password520
Refrence: GitHub
murataydemir
[CVE-2021-21972] VMware vSphere Client Unauthorized File Upload to Remote Code Execution (RCE)
Refrence: GitHub
pettyhacks
POC exploit for CVE-2021-21972
Refrence: GitHub
haidv35
Refrence: GitHub
orangmuda
CVE-2021-21972 – ᴠᴍᴡᴀʀᴇ ᴄʟɪᴇɴᴛ ᴜɴᴀᴜᴛʜᴏʀɪᴢᴇᴅ ᴄᴏᴅᴇ ɪɴᴊᴇᴄᴛɪᴏɴ (ʀᴄᴇ)
Refrence: GitHub
user16-et
Refrence: GitHub
Schira4396
一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j,提供一键上传webshell,命令执行或者上传公钥使用SSH免密连接
Refrence: GitHub
Content on GitHub
W01fh4cker | watchers:897
VcenterKit
Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit
Refrence: GitHub
zhzyker | watchers:3278
vulmap
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞验证功能
Refrence: GitHub
DougCarroll | watchers:0
CVE_2021_21972
Refrence: GitHub