CVE-2021-21972

Description

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

POC

Reference

- http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html

- http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html

Github

- https://github.com/0day404/vulnerability-poc

- https://github.com/0ps/pocassistdb

- https://github.com/0x783kb/Security-operation-book

- https://github.com/0x7n6/OSCP

- https://github.com/0xMarcio/cve

- https://github.com/0xStrygwyr/OSCP-Guide

- https://github.com/0xZipp0/OSCP

- https://github.com/0xsyr0/OSCP

- https://github.com/12442RF/Learn

- https://github.com/20142995/Goby

- https://github.com/20142995/nuclei-templates

- https://github.com/20142995/pocsuite3

- https://github.com/20142995/sectool

- https://github.com/24-2021/fscan-POC

- https://github.com/AMatheusFeitosaM/OSCP-Cheat

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/Andromeda254/cve

- https://github.com/Awrrays/FrameVul

- https://github.com/B1anda0/CVE-2021-21972

- https://github.com/BugBlocker/lotus-scripts

- https://github.com/ByZain/CVE-2021-21972

- https://github.com/CLincat/vulcat

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Coldplay1517/Middleware-Vulnerability-detection-master

- https://github.com/CyAxe/lotus-scripts

- https://github.com/DaveCrown/vmware-kb82374

- https://github.com/DougCarroll/CVE_2021_21972

- https://github.com/Drajoncr/AttackWebFrameworkTools

- https://github.com/EdgeSecurityTeam/Vulnerability

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/EnriqueSanchezdelVillar/NotesHck

- https://github.com/Faizan-Khanx/OSCP

- https://github.com/GhostTroops/TOP

- https://github.com/GuayoyoCyber/CVE-2021-21972

- https://github.com/HimmelAward/Goby_POC

- https://github.com/J1ezds/Vulnerability-Wiki-page

- https://github.com/JERRY123S/all-poc

- https://github.com/JMousqueton/Detect-CVE-2021-21972

- https://github.com/KayCHENvip/vulnerability-poc

- https://github.com/L-pin/CVE-2021-21972

- https://github.com/Ly0nt4r/OSCP

- https://github.com/Ma1Dong/vcenter_rce

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/NS-Sp4ce/CVE-2021-21972

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/Osyanina/westone-CVE-2021-21972-scanner

- https://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC

- https://github.com/R1card0-tutu/Red

- https://github.com/Ratlesv/LadonGo

- https://github.com/ReflectedThanatos/OSCP-cheatsheet

- https://github.com/SYRTI/POC_to_review

- https://github.com/SantoriuHen/NotesHck

- https://github.com/Schira4396/VcenterKiller

- https://github.com/SenukDias/OSCP_cheat

- https://github.com/SexyBeast233/SecBooks

- https://github.com/SirElmard/ethical_hacking

- https://github.com/SofianeHamlaoui/Conti-Clear

- https://github.com/SouthWind0/southwind0.github.io

- https://github.com/TAI-REx/CVE-2021-21972

- https://github.com/TaroballzChen/CVE-2021-21972

- https://github.com/Threekiii/Awesome-POC

- https://github.com/TrojanAZhen/Self_Back

- https://github.com/UGF0aWVudF9aZXJv/VMWare-Pentesting

- https://github.com/Udyz/CVE-2021-21972

- https://github.com/VishuGahlyan/OSCP

- https://github.com/Vulnmachines/VmWare-vCenter-vulnerability

- https://github.com/W01fh4cker/VcenterKit

- https://github.com/Whitehorse-rainbow/-Infiltration-summary

- https://github.com/Whoiszzr/exp-oner

- https://github.com/WhooAmii/POC_to_review

- https://github.com/WingsSec/Meppo

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/Z0fhack/Goby_POC

- https://github.com/ZTK-009/CVE-2021-21972

- https://github.com/ZTK-009/LadonGo

- https://github.com/aneasystone/github-trending

- https://github.com/anquanscan/sec-tools

- https://github.com/apachecn-archive/Middleware-Vulnerability-detection

- https://github.com/ayushkumar123a/cybersecurity-task1-portscan

- https://github.com/b1ank1108/awesome-stars

- https://github.com/badigervijay/AI-Based-Threat-Intelligence-Platform

- https://github.com/bhassani/Recent-CVE

- https://github.com/bhdresh/SnortRules

- https://github.com/byteofandri/CVE-2021-21972

- https://github.com/byteofjoshua/CVE-2021-21972

- https://github.com/cc8700619/poc

- https://github.com/chaosec2021/fscan-POC

- https://github.com/conjojo/VMware_vCenter_UNAuthorized_RCE_CVE-2021-21972

- https://github.com/cyb3r-w0lf/nuclei-template-collection

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/czz1233/fscan

- https://github.com/d3sh1n/cve-2021-21972

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/dabaibuai/dabai

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/djytmdj/Tool_Summary

- https://github.com/e-hakson/OSCP

- https://github.com/eljosep/OSCP-Guide

- https://github.com/exfilt/CheatSheet

- https://github.com/fazilbaig1/oscp

- https://github.com/githubfoam/ubuntu_sandbox

- https://github.com/gobysec/Goby

- https://github.com/guchangan1/All-Defense-Tool

- https://github.com/haiclover/CVE-2021-21972

- https://github.com/haidv35/CVE-2021-21972

- https://github.com/halencarjunior/vcenter-rce-2021-21972

- https://github.com/hktalent/TOP

- https://github.com/hktalent/bug-bounty

- https://github.com/horizon3ai/CVE-2021-21972

- https://github.com/huike007/penetration_poc

- https://github.com/huimzjty/vulwiki

- https://github.com/huisetiankong478/penetration_poc

- https://github.com/iamramahibrah/NSE-Scripts

- https://github.com/itscio/LadonGo

- https://github.com/jbmihoub/all-poc

- https://github.com/jitmondal1/OSCP

- https://github.com/joanbono/nuclei-templates

- https://github.com/jweny/pocassistdb

- https://github.com/k0imet/CVE-POCs

- https://github.com/k0mi-tg/CVE-POC

- https://github.com/k8gege/LadonGo

- https://github.com/kgwanjala/oscp-cheatsheet

- https://github.com/lions2012/Penetration_Testing_POC

- https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection

- https://github.com/mamba-2021/fscan-POC

- https://github.com/manas3c/CVE-POC

- https://github.com/mdisec/mdisec-twitch-yayinlari

- https://github.com/meltingscales/DragonShard

- https://github.com/merlinepedra/AttackWebFrameworkTools-5.0

- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0

- https://github.com/milo2012/CVE-2021-21972

- https://github.com/mstxq17/SecurityArticleLogger

- https://github.com/murataydemir/CVE-2021-21972

- https://github.com/n0-traces/cve_monitor

- https://github.com/n1sh1th/CVE-POC

- https://github.com/nitishbadole/oscp-note-3

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/onewinner/VulToolsKit

- https://github.com/orangmuda/CVE-2021-21972

- https://github.com/orgTestCodacy11KRepos110MB/repo-3569-collection-document

- https://github.com/oscpname/OSCP_cheat

- https://github.com/parth45/cheatsheet

- https://github.com/password520/CVE-2021-21972

- https://github.com/password520/LadonGo

- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5

- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance

- https://github.com/pen4uin/awesome-vulnerability-research

- https://github.com/pen4uin/vulnerability-research

- https://github.com/pen4uin/vulnerability-research-list

- https://github.com/pettyhacks/vSphereyeeter

- https://github.com/psc4re/NSE-scripts

- https://github.com/r0eXpeR/supplier

- https://github.com/rastidoust/Red

- https://github.com/rastidoust/rastidoust.github.io

- https://github.com/renini/CVE-2021-21972

- https://github.com/revanmalang/OSCP

- https://github.com/robwillisinfo/VMware_vCenter_CVE-2021-21972

- https://github.com/saucer-man/exploit

- https://github.com/shengshengli/AttackWebFrameworkTools-5.0

- https://github.com/shengshengli/LadonGo

- https://github.com/shengshengli/fscan-POC

- https://github.com/soosmile/POC

- https://github.com/stevenp322/cve-2021-21972

- https://github.com/stevenp322/vSphereYeeter

- https://github.com/taielab/awesome-hacking-lists

- https://github.com/tijldeneut/Security

- https://github.com/tom0li/collection-document

- https://github.com/trhacknon/Pocingit

- https://github.com/txuswashere/OSCP

- https://github.com/tzwlhack/Vulnerability

- https://github.com/user16-et/cve-2021-21972_PoC

- https://github.com/vikerup/Get-vSphereVersion

- https://github.com/viksafe/Get-vSphereVersion

- https://github.com/vpxuser/Central-Management-System-Exploitation-Cheat-Sheet

- https://github.com/vpxuser/centralized-system-pentest-cheat-sheet

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/whoami13apt/tool-

- https://github.com/whoforget/CVE-POC

- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-

- https://github.com/xhref/OSCP

- https://github.com/xuetusummer/Penetration_Testing_POC

- https://github.com/yaunsky/CVE-2021-21972

- https://github.com/youwizard/CVE-POC

- https://github.com/zecool/cve

- https://github.com/zeroc00I/nuclei-templates-2

- https://github.com/zhangziyang301/All-Defense-Tool

- https://github.com/zhzyker/vulmap

- https://github.com/zidanfanshao/vcenter_tools