VMware vCenter - Remote Code Execution (CVE-2021-21972)
- Severity
- CVSSv3 Score
- 9.8
- Exploitable with Sniper
- Yes
- Vulnerability description
VMware vCenter is affected by a Remote Code Execution vulnerability in VMware vCenter, located in the vCenter Server plugin present in the vSphere Client (HTML5). The root cause is the "uploadova" function in the vRealize Operations Manager Plugin that can allow unauthenticated remote attackers to upload files.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Risk description
The risk exists that a remote unauthenticated attacker could exploit this vulnerability by overwriting the authorized_keys file of the vsphere-ui user in order to gain access to the target via SSH, if the service is open. Furthermore, the attacker can steal confidential information, install ransomware or pivot to the internal network.
- Recommendation
Update the VMware vCenter server to the latest version.
- Detectable with
- Network Scanner
- Vuln date
- Feb 2021
- Published at
- Updated at
- Software Type
- Virtualization
- Vendor
- VMware
- Product
- vCenter Server
- Codename
- Not available
