Vulnerability — CVE-2021-21985

CVE-2021-21985

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2021-21985
Description:: The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Last updated date:: 09/14/2021

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 06/05/2021
Reference url to background: https://www.rapid7.com/blog/post/2021/05/26/cve-2021-21985-vcenter-server-what-you-need-to-know/

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 11/03/2021
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/01/2021
Reference url to background: https://github.com/onSec-fr/CVE-2021-21985-Checker

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/05/2021
Reference url to background: https://github.com/testanull/Project_CVE-2021-21985_PoC

Type:: exploit
Confidence:: HIGH
Date of publishing:: 07/12/2021
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_vcenter_vsan_health_rce.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/14/2021
Reference url to background: http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html