Showing 1 - 4 of 4

CVE-2021-21972

Status Candidate

Overview

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

Related Files

VMware vCenter 6.5 / 6.7 / 7.0 Remote Code Execution: Posted Jun 24, 2021; Authored by CHackA0101; VMware vCenter server versions 6.5, 6.7, and 7.0 unauthenticated remote code execution exploit.; tags | exploit, remote, code execution; advisories | CVE-2021-21972; SHA-256 | 94e41c511d5d15a622ec6d606fa4269ad0be5284a51e1ba728f5e6e62b910b67; Download | Favorite | View

VMware vCenter Server File Upload / Remote Code Execution: Posted Mar 8, 2021; Authored by mr_me, wvu, Mikhail Klyuchnikov, Viss | Site metasploit.com; This Metasploit module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren't exploitable via the webshell technique. Furthermore, writing an SSH public key to /home/vsphere-ui/.ssh/authorized_keys works, but the user's non-existent password expires 90 days after install, rendering the technique nearly useless against production environments. You'll have the best luck targeting older versions of the Linux appliance. The Windows target should work ubiquitously.; tags | exploit, web, file upload; systems | linux, windows; advisories | CVE-2021-21972; SHA-256 | ee1f708da8c9cdb296637b11bf11d0e1c52209633c21780eca035b11e77bfd1d; Download | Favorite | View

VMware vCenter Server 7.0 Arbitrary File Upload: Posted Mar 1, 2021; Authored by Photubias; VMware vCenter Server version 7.0 unauthenticated arbitrary file upload exploit.; tags | exploit, arbitrary, file upload; advisories | CVE-2021-21972; SHA-256 | 799c1c46954c9683e557c8e1a417d133206fb6622b8109abd3fd919820dc39a2; Download | Favorite | View

VMware vCenter 6.5 / 7.0 Remote Code Execution Proof Of Concept: Posted Feb 24, 2021; Authored by NebulabdSec | Site github.com; VMware vCenter version 6.5 and 7.0 remote code execution proof of concept exploit.; tags | exploit, remote, code execution, proof of concept; advisories | CVE-2021-21972; SHA-256 | 9c96c0db7f03de2a504caab808f8c52d5539b617a600a774abb1b8abb139a92b; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2021-21972

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems