The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://www.vmware.com/security/advisories/VMSA-2021-0002.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2021-02-24T16:42:05
Updated: 2021-06-24T19:06:12
Reserved: 2021-01-04T00:00:00
Link: CVE-2021-21972
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-24T17:15:15.833
Modified: 2024-02-13T16:44:51.980
Link: CVE-2021-21972
JSON object: View
Redhat Information
No data.
CWE