CVE-2021-21973


CVSS 5.3 MEDIUM | EPSS 88.0% | KEV | CWE-918
In short

The HTML5 vSphere Client contains a server-side request forgery (SSRF) flaw: an attacker can make vCenter Server issue requests to internal systems on the attacker's behalf, potentially disclosing sensitive information. Exploitation requires only network access to vCenter Server and a specially crafted request; no credentials or user interaction are needed.

Technical detail

SSRF in a vCenter Server plugin, caused by improper URL validation in the HTML5 vSphere Client (CWE-918). An unauthenticated attacker with network access to port 443 can send a crafted POST request to the plugin, causing vCenter Server to issue requests to internal resources of the attacker's choosing and return their content, resulting in information disclosure. The CVSS vector reflects this: network-reachable, no privileges, no user interaction, low confidentiality impact only, no integrity or availability impact. Affected versions: vCenter Server 7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n; VMware Cloud Foundation 4.x before 4.2 and 3.x before 3.10.1.2. The remediation is to upgrade to the fixed releases listed; exposure assessment should start with whether port 443 of vCenter Server is reachable from untrusted networks.

Summary generated and translated by AI from the official description.
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
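The weakness class behind this advisory is CWE-918: a URL taken from a request is used for a server-side fetch without adequate validation. The Python below is an added example, not code from this page or from VMware's vSphere Client or vCenter plugin, that puts the kind of prefix check which lets SSRF through beside a hardened validator (scheme and exact-host allow-list, no userinfo, resolved address must be globally routable). The hostnames, the allow-list and the resolver table are constructed for the example and stand in for a real DNS lookup so it runs offline.

```python
"""
Added example (not from the original page or from VMware): weak vs. hardened
URL validation before a server-side request, the CWE-918 pattern.
All hosts, the allow-list and the resolver table are constructed.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed resolver table (stand-in for socket.getaddrinfo) so the example
# runs offline. 8.8.8.8 is used only as "some globally routable address".
FAKE_DNS = {
    "metrics.example.com": "8.8.8.8",    # allow-listed, public
    "reports.example.com": "10.0.0.7",   # allow-listed but resolves internally
    "localhost": "127.0.0.1",
}

# Hypothetical allow-list of hosts the plugin is meant to talk to.
ALLOWED_HOSTS = {"metrics.example.com", "reports.example.com"}
ALLOWED_SCHEMES = {"https"}


def weak_is_safe(url: str) -> bool:
    """A prefix check of the kind that lets SSRF through.

    'https://metrics.example.com@127.0.0.1/' (userinfo trick) and
    'https://metrics.example.com.attacker.test/' (suffix trick) both pass
    although neither reaches metrics.example.com.
    """
    return url.startswith("https://metrics.example.com")


def resolve(host: str) -> str:
    """Return the address the host would connect to ('' if unknown).

    A literal IP needs no lookup; names go through the constructed table.
    """
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return FAKE_DNS.get(host, "")


def hardened_is_safe(url: str) -> bool:
    """Parse first, then check scheme, userinfo, exact host, and that the
    address actually connected to is globally routable (rejects loopback,
    RFC 1918, link-local, documentation ranges and unresolvable names)."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname  # urlsplit lower-cases and strips brackets
    if host is None or host not in ALLOWED_HOSTS:
        return False
    addr = resolve(host)
    if not addr:
        return False
    return ipaddress.ip_address(addr).is_global


def classify(url: str) -> dict:
    """Side-by-side verdict of both validators for one URL."""
    return {"url": url, "weak": weak_is_safe(url), "hardened": hardened_is_safe(url)}


if __name__ == "__main__":
    for u in [
        "https://metrics.example.com/api",
        "https://metrics.example.com@127.0.0.1/",
        "https://metrics.example.com.attacker.test/",
        "https://reports.example.com/",
        "https://10.0.0.5/",
        "http://metrics.example.com/",
    ]:
        print(classify(u))
```

Two points the example makes that a deny-list of private ranges alone does not: the host must be compared after parsing, not by string prefix, and the routability check has to be applied to the address the client will actually connect to, so an allow-listed name that resolves internally (reports.example.com above) is still refused.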