CVE-2021-21972 PoC — VMware vSphere Client 路径遍历漏洞

Source

https://github.com/B1anda0/CVE-2021-21972

Associated Vulnerability

Title:VMware vSphere Client 路径遍历漏洞 (CVE-2021-21972)
Description:The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

Description

VMware vCenter Server远程代码执行漏洞 (CVE-2021-21972)批量检测脚本

Readme

## 使用方法&免责声明

VMware vCenter Server远程代码执行漏洞 (CVE-2021-21972)

使用方法：`Python CVE-2021-21972.py urls.txt`

urls.txt 中每个url为一行，漏洞地址输出在vul.txt中

##### 影响版本：

VMware vCenter Server 7.0系列 < 7.0.U1c

VMware vCenter Server 6.7系列 < 6.7.U3l

VMware vCenter Server 6.5系列 < 6.5 U3n



工具仅用于安全人员安全测试，任何未授权检测造成的直接或者间接的后果及损失，均由使用者本人负责

File Snapshot


 [4.0K]  /data/pocs/bd44eca923978bf63b9a89a5c58575d74c95b059
├── [ 78K]  CVE-2021-21972.png
├── [2.1K]  CVE-2021-21972.py
├── [ 522]  README.md
└── [  40]  urls.txt

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!