Main Vulnerability Database Exploits ID:5522 - Exploit for Input validation error in vCenter Server and Cloud Foundation - CVE-2021-21985

ID:5522 - Exploit for Input validation error in vCenter Server and Cloud Foundation - CVE-2021-21985

Published: June 3, 2021

Vulnerability identifier: #VU53595

Vulnerability risk: Critical

CVE-ID: CVE-2021-21985

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
vCenter Server
Cloud Foundation

Link to public exploit:

https://github.com/r0ckysec/CVE-2021-21985

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the Virtual SAN Health Check plug-in, which is enabled by default. A remote non-authenticated attacker can send a specially crafted HTTP request to the vSphere Client available at port 443/tcp and execute arbitrary commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Remediation

Install updates from vendor's website.

ID:5522 - Exploit for Input validation error in vCenter Server and Cloud Foundation - CVE-2021-21985

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human