← back
CVE-2021-21985

CVE-2021-21985

CVSS 9.8 CRITICALEPSS 100.0%● KEVCWE-20CWE-470CWE-918
In short

vSphere Client has a remote code execution flaw in its Virtual SAN Health Check plugin that allows attackers on the network to run commands with full system privileges on the vCenter Server without authentication.

Technical detail

Unauthenticated remote code execution vulnerability in vSphere Client's Virtual SAN Health Check plugin (CWE-20, CWE-470, CWE-918) accessible via port 443 due to insufficient input validation. An attacker with network access can inject malicious payloads to execute arbitrary OS commands with unrestricted privileges on the underlying vCenter Server host.

Summary generated and translated by AI from the official description.
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · VMware vCenter Server and VMware Cloud Foundation
public PoCs found12
githubgithub.com/alt3kx/CVE-2021-21985_PoC213githubgithub.com/xnianq/cve-2021-21985_exp115githubgithub.com/testanull/Project_CVE-2021-21985_PoC29githubgithub.com/sknux/CVE-2021-21985_PoC3githubgithub.com/onSec-fr/CVE-2021-21985-Checker2githubgithub.com/daedalus/CVE-2021-219852githubgithub.com/bigbroke/CVE-2021-219851githubgithub.com/haidv35/CVE-2021-219851githubgithub.com/aristosMiliaressis/CVE-2021-219850githubgithub.com/mauricelambert/CVE-2021-219850cve_referencepacketstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.htmlunverifiedcve_referencepacketstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.htmlhttp://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21985https://www.vmware.com/security/advisories/VMSA-2021-0010.html