Exploit for #VU50898 Input validation error in vCenter Server and Cloud Foundation

Published: 2021-02-25 | Updated: 2022-05-18

Vulnerability identifier: #VU50898

Vulnerability risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-21972

CWE-ID: CWE-20

Exploitation vector: Network

Exploits in database: 24

May 18, 2022
- CVE-2021-21972 (VMware vCenter Server远程代码执行漏洞 (CVE-2021-21972)批量检测脚本) [Github]
December 27, 2021
- cve-2021-21972 () [Github]
November 29, 2021
- VMware_vCenter_UNAuthorized_RCE_CVE-2021-21972 (VMware vCenter 未授权RCE（CVE-2021-21972）) [Github]
November 23, 2021
- CVE-2021-21972 () [Github]
October 29, 2021
- vcenter_rce (漏洞利用，Vmware vCenter 6.5-7.0 RCE（CVE-2021-21972），上传冰蝎3，getshell) [Github]
September 15, 2021
- vcenter_rce (漏洞利用，Vmware vCenter 6.5-7.0 RCE（CVE-2021-21972），上传冰蝎3，getshell) [Github]
August 29, 2021
- cve-2021-21972 () [Github]
August 23, 2021
- CVE-2021-21972 (Nmap script to check vulnerability CVE-2021-21972) [Github]
August 19, 2021
- CVE-2021-21972 ([CVE-2021-21972] VMware vSphere Client Unauthorized File Upload to Remote Code Execution (RCE)) [Github]
July 29, 2021
- CVE-2021-21972 (CVE-2021-21972 vCenter-6.5-7.0 RCE POC) [Github]
July 26, 2021
- CVE-2021-21972 () [Github]
June 28, 2021
- VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated) [Exploit-DB]
June 17, 2021
- VMware vCenter Server 7.0 - Unauthenticated File Upload [Exploit-DB]
May 30, 2021
- CVE-2021-21972 (CVE-2021-21972) [Github]
- CVE-2021-21972 () [Github]
May 24, 2021
- CVE-2021-21972-vCenter-6.5-7.0-RCE-POC () [Github]
May 20, 2021
- CVE-2021-21972 (CVE-2021-21972 related vulnerability code) [Github]
May 18, 2021
- CVE-2021-21972 (CVE-2021-21972) [Github]
May 9, 2021
- VMware vCenter Server Unauthenticated OVA File Upload RCE [Metasploit]
April 23, 2021
- vSphereyeeter (POC exploit for CVE-2021-21972) [Github]
March 7, 2021
- CVE-2021-21972 (CVE-2021-21972 Unauthorized RCE in VMware vCenter metasploit exploit script) [Github]
February 25, 2021
- VMware vCenter 6.5 / 7.0 Remote Code Execution Proof Of Concept [Packet Storm]
- CVE-2021-21972 (CVE-2021-21972 Exploit) [Github]
- CVE-2021-21972 (Proof of Concept Exploit for vCenter CVE-2021-21972) [Github]

Impact: Code execution

Vulnerable software:
vCenter Server
Server applications / Virtualization software
Cloud Foundation
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc