3WaySecure Consulting

03.20.2022
Vulnerability Analysis : Critical Unauthorized Remote Code Execution in VMware vCenter (CVE-2021-21972)

High-risk critical vulnerabilities:

CVE-2021-21972 is an unauthorized file upload vulnerability in Vcenter. Any location on the vcenter server can exploit this vulnerability to upload files. If it is a Linux environment and ssh is opened, this vulnerability can upload the public key and log in directly through ssh. vSphere is a virtualization platform suite provided by VMware, including a series of software such as ESXi and vCenter Server. Enables IT administrators to increase control, simplify onboarding tasks, and reduce the complexity and cost of managing IT environments.

A remote code execution vulnerability exists in the vSphere Client (HTML5) in the vCenter Server plug-in. An unauthorized attacker can send a crafted request to vCenter Server through a server that opens port 443, thereby writing a webshell on the server, and ultimately causing remote arbitrary code execution. The control center of ESXi is vCenter Server, which allows all vSphere hosts and virtual machines in a data center to be managed from a single point of control. The advantage of this is that IT administrators can increase control and reduce the complexity and cost of managing the IT environment.

VMware has rated this issue as Critical with a CVSSv3 score of 9.8.

Affect version

VMware vCenter Server 7.0 series < 7.0.U1c

VMware vCenter Server 6.7 series < 6.7.U3l

VMware vCenter Server 6.5 series < 6.5 U3n

VMware ESXi 7.0 series < ESXi70U1c-17325551

VMware ESXi 6.7 series < ESXi670-202102401-SG

VMware ESXi 6.5 series < ESXi650-202102101-SG

Recent Vulnerabilities

No Results Found

The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.

Get A Free Consultation

Learn more about our services and solutions to protect your business.