Exploit for #VU50898 Input validation error in vCenter Server and Cloud Foundation

Vulnerability identifier: #VU50898

Vulnerability risk: High

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2021-21972

CWE-ID: CWE-20

Exploitation vector: Network

Exploits in database: 24

• May 18, 2022
  • CVE-2021-21972 (VMware vCenter Server远程代码执行漏洞 (CVE-2021-21972)批量检测脚本) [Github]
• December 27, 2021
  • cve-2021-21972 () [Github]
• November 29, 2021
  • VMware_vCenter_UNAuthorized_RCE_CVE-2021-21972 (VMware vCenter 未授权RCE（CVE-2021-21972）) [Github]
• November 23, 2021
  • CVE-2021-21972 () [Github]
• October 29, 2021
  • vcenter_rce (漏洞利用，Vmware vCenter 6.5-7.0 RCE（CVE-2021-21972），上传冰蝎3，getshell) [Github]
• September 15, 2021
  • vcenter_rce (漏洞利用，Vmware vCenter 6.5-7.0 RCE（CVE-2021-21972），上传冰蝎3，getshell) [Github]
• August 29, 2021
  • cve-2021-21972 () [Github]
• August 23, 2021
  • CVE-2021-21972 (Nmap script to check vulnerability CVE-2021-21972) [Github]
• August 19, 2021
  • CVE-2021-21972 ([CVE-2021-21972] VMware vSphere Client Unauthorized File Upload to Remote Code Execution (RCE)) [Github]
• July 29, 2021
  • CVE-2021-21972 (CVE-2021-21972 vCenter-6.5-7.0 RCE POC) [Github]
• July 26, 2021
  • CVE-2021-21972 () [Github]
• June 28, 2021
  • VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated) [Exploit-DB]
• June 17, 2021
  • VMware vCenter Server 7.0 - Unauthenticated File Upload [Exploit-DB]
• May 30, 2021
  • CVE-2021-21972 (CVE-2021-21972) [Github]
  • CVE-2021-21972 () [Github]
• May 24, 2021
  • CVE-2021-21972-vCenter-6.5-7.0-RCE-POC () [Github]
• May 20, 2021
  • CVE-2021-21972 (CVE-2021-21972 related vulnerability code) [Github]
• May 18, 2021
  • CVE-2021-21972 (CVE-2021-21972) [Github]
• May 9, 2021
  • VMware vCenter Server Unauthenticated OVA File Upload RCE [Metasploit]
• April 23, 2021
  • vSphereyeeter (POC exploit for CVE-2021-21972) [Github]
• March 7, 2021
  • CVE-2021-21972 (CVE-2021-21972 Unauthorized RCE in VMware vCenter metasploit exploit script) [Github]
• February 25, 2021
  • VMware vCenter 6.5 / 7.0 Remote Code Execution Proof Of Concept [Packet Storm]
  • CVE-2021-21972 (CVE-2021-21972 Exploit) [Github]
  • CVE-2021-21972 (Proof of Concept Exploit for vCenter CVE-2021-21972) [Github]

Vulnerable software:
vCenter Server
Server applications / Virtualization software
Cloud Foundation
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc