CVE-2021-22005
Description
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
Severity: CRITICAL
CVE ID: CVE-2021-22005
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-22005
Refrence: Project Discovery GitHub
1ZRR4H
Refrence: GitHub
pisut4152
Refrence: GitHub
Jeromeyoung
CVE-2021-22005
Refrence: GitHub
5gstudent
CVE-2021-22005批量验证python脚本
Refrence: GitHub
RedTeamExp
CVE-2021-22005_PoC
Refrence: GitHub
rwincey
Refrence: GitHub
TaroballzChen
the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability
Refrence: GitHub
tiagob0b
Refrence: GitHub
Jun-5heng
VMware vCenter Server任意文件上传漏洞 / Code By:Jun_sheng
Refrence: GitHub
shmilylty
Refrence: GitHub
timb-machine-mirrors
Clone from gist
Refrence: GitHub
InventorMAO
cve-2021-22005vcenter任意文件上传漏洞,可直接上传冰蝎
Refrence: GitHub
Content on GitHub
CrackerCat | watchers:3
CVE-2021-22006
CVE-2021-22005 - VMWare vCenter Server File Upload to RCE
Refrence: GitHub
Schira4396 | watchers:1253
VcenterKiller
一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972/31656以及log4j,提供一键上传webshell,命令执行或者上传公钥使用SSH免密连接
Refrence: GitHub
TheTh1nk3r | watchers:16
exp_hub
漏洞复现与poc收集,CVE-2021-21975,cve-2021-22005,CVE-2021-26295,VMware vCenter任意文件读取
Refrence: GitHub
W01fh4cker | watchers:897
VcenterKit
Vcenter综合渗透利用工具包 | Vcenter Comprehensive Penetration and Exploitation Toolkit
Refrence: GitHub
mamba-2021 | watchers:24
EXP-POC
汇总平时写的一些POC&EXP
Refrence: GitHub