HomePentest-Tools.com Logo

VMware vCenter - Remote Code Execution (CVE-2021-21985)

Severity
CVSSv3 Score
9.8
Vulnerability description

VMware vCenter is affected by a Remote Code Execution, located on the /ui/h5van/rest/proxy/service endpoint. The root cause of this vulnerability is the lack of input validation in the Virtual SAN Health Check plug-in. An attacker can exploit this vulnerability to execute commands with limited privileges on the underlying operating system via HTTP POST requests.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the VMware vCenter server in order to steal confidential information, install ransomware or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Update the VMware vCenter server to the latest version or use the workarounds released by VMware.

Codename
Not available
Detectable with
Network Scanner
Exploitable with Sniper
Yes
Vuln date
May 2021
Published at
Updated at
Software Type
Virtualization
Vendor
VMware
Product
vCenter Server