VMware vCenter - Remote Code Execution (CVE-2021-21972)

Severity

CVSSv3 Score: 9.8

Vulnerability description

VMware vCenter is affected by a Remote Code Execution vulnerability located in the vCenter Server plugin present in the vSphere Client (HTML5). The root cause is the "uploadova" function in the vRealize Operations Manager plugin, which can allow unauthenticated remote attackers to upload files.

Risk description

A remote unauthenticated attacker could exploit this vulnerability by overwriting the authorized_keys file of the vsphere-ui user to gain access to the target via SSH, if the SSH service is open. Furthermore, the attacker can steal confidential information, install ransomware or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Update the VMware vCenter server to the latest version.

Codename: Not available
Detectable with: Network Scanner
Exploitable with Sniper: Yes
Vuln date: Feb 2021
Software Type: Virtualization
Vendor: VMware
Product: vCenter Server