CVE-2021-21985

Published: 26/05/2021 Updated: 14/09/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 894
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Vulnerable Product

vmware vcenter server 6.5

vmware vcenter server 6.7

vmware vcenter server 7.0

vmware cloud foundation

Exploits

This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Update 3m (Linux appliance ...

Github Repositories

VMware-RCE-Check: Check RCE vulnerability of VMware. Include: CVE-2021-21985 CVE-2021- CVE-2021-. ENV: python3. Requirements: requests. Usage: python3 vmware_check.py targets.txt

cve-2021-21985 powershell poc

CVE-2021-21985

A simple play to apply the workaround in KB82374

vmware-kb83829: Workaround for CVE-2021-21972, CVE-2021-21973, CVE-2021-21985, CVE-2021-21986. Description: Disable and enables vulnerable HTML5 vCenter plugin to incompatible as a workaround per the KB. If you want the knowledge base articles, see the Reference Section. The Play's workflow: SSH's in to the VC and sets the vrops plugin to incompatible. Restarts the vsph

cve-2021-21985 exploit

cve-2021-21985 exploit. 0x01 Vulnerability: for the analysis, see attackerkb.com/topics/X85GKjaVER/cve-2021-21985?referrer=home#rapid7-analysis 0x02 exploit: reconstruct the beans objects to achieve RCE. Bean list: localizedMessageBundle vsanWorkerThreadFactory vsanThreadPoolImpl vsanServiceBundleActivator vsanServiceFactory vsanProviderUtils_setVmodlHelper vsanProviderUtils_s

CVE-2021-21985 (Vulnerable Code). CLASS/METHOD(s) available, a little sample for PoC purposes: com.vmware.vsan.client.services.capability.VsanCapabilityProvider [/snip] getClusterCapabilityData getHostCapabilityData getHostsCapabilitiyData getIsDeduplicationSupported getIsEncryptionSupported getIsLocalDataProtectionSupportedOnVc getIsLocalDataProtectionSupportedOnCluster getI

VMWARE VCENTER SERVER VIRTUAL SAN HEALTH CHECK PLUG-IN RCE (CVE-2021-21985)

Vulnerability Details: VMWARE VCENTER SERVER VIRTUAL SAN HEALTH CHECK PLUG-IN RCE (CVE-2021-21985). The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Serv

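All-Defense-Tool: First of all, congratulations on finding a treasure. This project brings together excellent open-source offensive and defensive tool projects from across the web, including information-gathering tools (automated exploitation tools, asset discovery tools, directory scanning tools, subdomain collection tools, fingerprinting tools, port scanning tools, various plugins, etc.), vulnerability exploitation tools (exploitation tools for the major CMSes, middleware exploitation tools and other projects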

Multiple vulnerabilities in the vSphere Client (HTML5) were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products.

CVE-2021-21985: The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor with network access to port

CVE-2021-21985 Checker.

CVE-2021-21985 Checker: Simple Powershell implementation of @alt3kx nmap script. Usage: .\CVE-2021-21985.ps1 vcenterhostnamecom. Output: TARGET VULNERABLE or TARGET NOT VULNERABLE

Project_CVE-2021-21985_PoC JNI. Compile: gcc -fPIC -I"$JAVA_HOME/include" -I"$JAVA_HOME/include/linux" -shared -o libhello.so HelloJNI.c

A collection of good security articles I have come across.

My-Security-Learning-Resources: A collection of good security articles I have come across. Note that this repository does NOT have any actual contents other than a list of urls. Also not all articles are in English, but with the Google Translate browser extension there should be no issue understanding most of the contents. I will be noting the source language though. Most articles ma

This script checks the CVE-2021-21985 vulnerability and patch on vCenter Server.

CVE_2021_21985. Description: This script checks the CVE-2021-21985 vulnerability and patch on vCenter Server. Requirements: Python3, Python3 Standard Library. Installation: git clone github.com/mauricelambert/CVE_2021_21985.git / Example: To check IP 10002, 10003 and hostname vCenter3: python3 CVE_2021_21985.py 10002 10003 v

BLACKMATTER RANSOMWARE RELATED IOCs, MITIGATION STEPS AND REFERENCE LINKS Common Vulnerabilities and Exposures (CVE) CVE-2021-21985, CVE-2021-37973 IOCs (Indicators of compromise) PAYLOADS: 6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502 d4645d2c29505cf10d1b201826c777b62cbf9d752cb1008bef1192e0dd545a82 SHA256 HASHES : 072158f5588440e6c94cb419ae06a27cf584afe3b0cb

Recent Articles

VMware reveals critical vCenter hole it says ‘needs to be considered at once’
The Register • Simon Sharwood, APAC Editor • 26 May 2021

Unauthenticated remote code execution possible thanks to vSphere Client bug

VMware has revealed a critical bug that can be exploited to achieve unauthenticated remote code execution in the very core of a virtualised system – vCenter Server. The culprit is the vSphere HTML5 client, which by default includes the Virtual SAN Health plugin – even if you don’t run a VMware VSAN. That plugin lacks input validation and the result, as explained by VMware’s advisory this week, is: “A malicious actor with network access to port 443 may exploit this issue to execute comm...