CVE-2021-21972

HIGH

Description

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

References

http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html

http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html

https://www.vmware.com/security/advisories/VMSA-2021-0002.html

Details

Source: MITRE

Published: 2021-02-24

Updated: 2021-03-25

Type: CWE-269

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:u1d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:u1e:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:u1g:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:u2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:u2b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:u2c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:u2d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:u2g:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:u3:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:u3d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:u3f:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.5:u3k:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:u1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:u1b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:u2:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:u2a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:u2c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:u3:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:u3a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:u3b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:u3f:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:u3g:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:6.7:u3j:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:u1:*:*:*:*:*:*

cpe:2.3:a:vmware:vcenter_server:7.0:u1a:*:*:*:*:*:*

Tenable Plugins

View all (2 total)

ID	Name	Product	Family	Severity
146826	VMware vCenter Server 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2021-0002)	Nessus	Misc.	critical
146825	VMware vCenter Server RCE (direct check)	Nessus	Misc.	critical