CVE-2021-21985

CRITICAL9.8SSRF

CISA KEVRansomwarePublic PoCTrendingHigh EPSS

Description

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Exploits & proofs of concept

nucleiVMware vSphere Client (HTML5) - Remote Code Executionby D0rkerDevil

References

VENDOR_ADVISORYhttps://www.vmware.com/security/advisories/VMSA-2021-0010.html
EXPLOIThttp://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html
EXPLOIThttp://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html