CVE-2021-21972 PoC — VMware vSphere Client 路径遍历漏洞

Source

https://github.com/Osyanina/westone-CVE-2021-21972-scanner

Associated Vulnerability

Title:VMware vSphere Client 路径遍历漏洞 (CVE-2021-21972)
Description:The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

Description

A vulnerability scanner that detects CVE-2021-21972 vulnerabilities.

Readme

# westone-CVE-2021-21972-scanner  
VMware vCenter Server remote code execution vulnerability.A malicious attacker with access to port 443 can send a carefully constructed request to vCenter Server, which will eventually cause remote arbitrary code execution.  
# Installation & Usage  
git clone https://github.com/Osyanina/westone-CVE-2021-21972-scanner.git  
cd westone-CVE-2021-21972-scanner  
cmd CVE-2021-21972.exe  
# Repair suggestions  
Upgrade from vCenter Server7.0 version to 7.0.U1c  
Upgrade from vCenter Server6.7 version to 6.7.U3l  
Upgrade from vCenter Server6.5 to 6.5 U3n

File Snapshot


 [4.0K]  /data/pocs/d415fee1d9169d837409e4f1792745057b480ada
└── [ 593]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!