Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2021-21985

Description

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

POC

Reference

- http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html

- http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html

Github

- https://github.com/12442RF/Learn

- https://github.com/20142995/Goby

- https://github.com/20142995/nuclei-templates

- https://github.com/20142995/sectool

- https://github.com/3th1c4l-t0n1/awesome-csirt

- https://github.com/7roublemaker/VMware-RCE-check

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/Advisory-Newsletter/Blackmatter

- https://github.com/Awrrays/FrameVul

- https://github.com/BugBlocker/lotus-scripts

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Coldplay1517/Middleware-Vulnerability-detection-master

- https://github.com/CyAxe/lotus-scripts

- https://github.com/DaveCrown/vmware-kb82374

- https://github.com/GhostTroops/TOP

- https://github.com/Git-Prashant0/Web-Application-Penetration-Test-Report

- https://github.com/HimmelAward/Goby_POC

- https://github.com/HynekPetrak/HynekPetrak

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/S3cur3Th1sSh1t/My-starred-Repositories

- https://github.com/SYRTI/POC_to_review

- https://github.com/Schira4396/VcenterKiller

- https://github.com/SexyBeast233/SecBooks

- https://github.com/SofianeHamlaoui/Conti-Clear

- https://github.com/Spacial/awesome-csirt

- https://github.com/TrojanAZhen/Self_Back

- https://github.com/W01fh4cker/VcenterKit

- https://github.com/WhooAmii/POC_to_review

- https://github.com/Z0fhack/Goby_POC

- https://github.com/aneasystone/github-trending

- https://github.com/apachecn-archive/Middleware-Vulnerability-detection

- https://github.com/aristosMiliaressis/CVE-2021-21985

- https://github.com/b1ank1108/awesome-stars

- https://github.com/bigbroke/CVE-2021-21985

- https://github.com/brandonshiyay/My-Security-Learning-Resources

- https://github.com/cc8700619/poc

- https://github.com/dabaibuai/dabai

- https://github.com/daedalus/CVE-2021-21985

- https://github.com/djytmdj/Tool_Summary

- https://github.com/fardeen-ahmed/Bug-bounty-Writeups

- https://github.com/guchangan1/All-Defense-Tool

- https://github.com/haiclover/CVE-2021-21985

- https://github.com/haidv35/CVE-2021-21985

- https://github.com/hktalent/Scan4all_Pro

- https://github.com/hktalent/TOP

- https://github.com/hktalent/bug-bounty

- https://github.com/joydo/CVE-Writeups

- https://github.com/k0imet/CVE-POCs

- https://github.com/k0mi-tg/CVE-POC

- https://github.com/leoambrus/CheckersNomisec

- https://github.com/lions2012/Penetration_Testing_POC

- https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection

- https://github.com/malwaremily/infosec-news-briefs

- https://github.com/manas3c/CVE-POC

- https://github.com/mauricelambert/CVE-2021-21985

- https://github.com/n0-traces/cve_monitor

- https://github.com/n1sh1th/CVE-POC

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/onSec-fr/CVE-2021-21985-Checker

- https://github.com/onewinner/VulToolsKit

- https://github.com/pen4uin/awesome-vulnerability-research

- https://github.com/pen4uin/vulnerability-research

- https://github.com/pen4uin/vulnerability-research-list

- https://github.com/r0ckysec/CVE-2021-21985

- https://github.com/r0eXpeR/supplier

- https://github.com/rusty-sec/lotus-scripts

- https://github.com/sknux/CVE-2021-21985_PoC

- https://github.com/soosmile/POC

- https://github.com/taielab/awesome-hacking-lists

- https://github.com/testanull/Project_CVE-2021-21985_PoC

- https://github.com/trhacknon/Pocingit

- https://github.com/whoami13apt/tool-

- https://github.com/whoforget/CVE-POC

- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-

- https://github.com/xnianq/cve-2021-21985_exp

- https://github.com/xuetusummer/Penetration_Testing_POC

- https://github.com/youwizard/CVE-POC

- https://github.com/zecool/cve

- https://github.com/zhangziyang301/All-Defense-Tool

- https://github.com/zidanfanshao/vcenter_tools