Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2021-21973

Published: 24/02/2021 Updated: 15/02/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 448
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Vmware

Vulnerability Summary

The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x prior to 7.0 U1c, 6.7 prior to 6.7 U3l and 6.5 prior to 6.5 U3n) and VMware Cloud Foundation (4.x prior to 4.2 and 3.x prior to 3.10.1.2).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vmware vcenter server 6.5

vmware vcenter server 6.7

vmware vcenter server 7.0

vmware cloud foundation

Vendor Advisories

Check Point Security Alerts: VMware Multiple Products Server-Side Request Forgery (CVE-2021-21973)
Check Point Reference: CPAI-2021-2091 Date Published: 28 Jan 2024 Severity: Medium ...

Github Repositories

https://github.com/DaveCrown/vmware-kb82374

A simple play to apply the workaround in KB82374

vmware-kb83829 Workaround for CVE-2021-21972, CVE-2021-21973, CVE-2021-21985, CVE-2021-21986 Description Disable and enables vulernble HTML5 vCenter plugin to incomptatable as a work around per the KB If you want the knowledge base articles, see the Reference Section The Play's workflow SSH's in to the VC and sets the vrops plugin to incompatible Restarts the vsph

https://github.com/pr4jwal/CVE-2020-0796

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Contains Custom NSE scripts CVE-2020-0796 NSE script to detect vulnerable CVE-2020-0796 issue, with Microsoft SMBv3 Compression (aka coronablue, SMBGhost) The script is a modified version of smb-protocolsnse script with a modified output data for v311 detection and validating CVE-2020-0796 Note: This script just safe checks for CVE-2020-0796 vulnerability on SMBv3 and doesn&

https://github.com/murataydemir/CVE-2021-21972

[CVE-2021-21972] VMware vSphere Client Unauthorized File Upload to Remote Code Execution (RCE)

[CVE-2021-21972] VMware vSphere Client Unauthorized File Upload to Remote Code Execution (RCE) The vSphere Web Client (HTML5) is essentially an administrative interface that enables management of a vSphere installation The vSphere Client provides an administrator with access to the key functions of vSphere without the need to access a vSphere server directly It allows admini

https://github.com/byteofjoshua/CVE-2021-21972

CVE-2021-21972 – ᴠᴍᴡᴀʀᴇ ᴄʟɪᴇɴᴛ ᴜɴᴀᴜᴛʜᴏʀɪᴢᴇᴅ ᴄᴏᴅᴇ ɪɴᴊᴇᴄᴛɪᴏɴ (ʀᴄᴇ)

CVE-2021-21972 [CVE-2021-21972] VMware vSphere Client Unauthorized File Upload to Remote Code Execution (RCE) The vSphere Web Client (HTML5) is essentially an administrative interface that enables management of a vSphere installation The vSphere Client provides an administrator with access to the key functions of vSphere without the need to access a vSphere server directly I

https://github.com/psc4re/NSE-scripts

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Contains Custom NSE scripts CVE-2020-0796 NSE script to detect vulnerable CVE-2020-0796 issue, with Microsoft SMBv3 Compression (aka coronablue, SMBGhost) The script is a modified version of smb-protocolsnse script with a modified output data for v311 detection and validating CVE-2020-0796 Note: This script just safe checks for CVE-2020-0796 vulnerability on SMBv3 and doesn&

https://github.com/iamramahibrah/NSE-Scripts

Contains Custom NSE scripts CVE-2020-0796 NSE script to detect vulnerable CVE-2020-0796 issue, with Microsoft SMBv3 Compression (aka coronablue, SMBGhost) The script is a modified version of smb-protocolsnse script with a modified output data for v311 detection and validating CVE-2020-0796 Note: This script just safe checks for CVE-2020-0796 vulnerability on SMBv3 and doesn&

https://github.com/oxctdev/CVE-2021-21972

CVE-2021-21972 – ᴠᴍᴡᴀʀᴇ ᴄʟɪᴇɴᴛ ᴜɴᴀᴜᴛʜᴏʀɪᴢᴇᴅ ᴄᴏᴅᴇ ɪɴᴊᴇᴄᴛɪᴏɴ (ʀᴄᴇ)

CVE-2021-21972 [CVE-2021-21972] VMware vSphere Client Unauthorized File Upload to Remote Code Execution (RCE) The vSphere Web Client (HTML5) is essentially an administrative interface that enables management of a vSphere installation The vSphere Client provides an administrator with access to the key functions of vSphere without the need to access a vSphere server directly I

https://github.com/freakanonymous/CVE-2021-21973-Automateme

automate me!

CVE-2021-21973-Automateme automate me!

https://github.com/pr4jwal/NSE-scripts

NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473

Contains Custom NSE scripts CVE-2020-0796 NSE script to detect vulnerable CVE-2020-0796 issue, with Microsoft SMBv3 Compression (aka coronablue, SMBGhost) The script is a modified version of smb-protocolsnse script with a modified output data for v311 detection and validating CVE-2020-0796 Note: This script just safe checks for CVE-2020-0796 vulnerability on SMBv3 and doesn&

https://github.com/byteofandri/CVE-2021-21972

CVE-2021-21972 – ᴠᴍᴡᴀʀᴇ ᴄʟɪᴇɴᴛ ᴜɴᴀᴜᴛʜᴏʀɪᴢᴇᴅ ᴄᴏᴅᴇ ɪɴᴊᴇᴄᴛɪᴏɴ (ʀᴄᴇ)

CVE-2021-21972 [CVE-2021-21972] VMware vSphere Client Unauthorized File Upload to Remote Code Execution (RCE) The vSphere Web Client (HTML5) is essentially an administrative interface that enables management of a vSphere installation The vSphere Client provides an administrator with access to the key functions of vSphere without the need to access a vSphere server directly I

Recent Articles

VMware warns of critical remote code execution flaw in vSphere HTML5 client
The Register • Simon Sharwood, APAC Editor • 23 Feb 2021

If you don't patch, the hosts driving all your virty servers are at risk. So maybe your to-do list needs a tickle? Dying software forces changes to VMware’s vSphere Clients

VMware has revealed a critical-rated bug in the HTML5 client for its flagship vSphere hybrid cloud suite. "The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin," says VMware's notification. "A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server." As vCenter Server is the tool that drives a fleet of virtual servers, this C...

Read more...

References

CWE-918https://www.vmware.com/security/advisories/VMSA-2021-0002.htmlhttps://nvd.nist.govhttps://www.theregister.co.uk/2021/02/23/vmware_vsphere_critical_bugs/https://github.com/DaveCrown/vmware-kb82374https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2021-2091.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook