| Field | Value |
| --- | --- |
| Advisory Type | Vulnerability Intelligence |
| CVE ID | CVE-2021-21972 |
| CVSSv3 Score | 9.8 |
| Vulnerability Classification | Unauthorized Remote Code Execution |
| Vendor | VMware vCenter Server 7.0, 6.7, 6.5 |
| Affected Platforms | Windows/Linux |
The vSphere Client contains a remote code execution (RCE) vulnerability in a vCenter Server plugin. It gives an unauthorized actor the ability to execute arbitrary code on a vCenter Server instance, with unrestricted privileges on the underlying operating system that hosts the server.
The vulnerable plugin, “vropspluginui”, which is part of vCenter Server, exposes critical services to unauthenticated users without any authorization check. The service known as “uploadova” resides at the following location:
/ui/vropspluginui/rest/services/uploadova
The service has an unrestricted file upload vulnerability with no input filtering, which leads to arbitrary file upload. The uploaded file inherits the security context of the server instance and has write access to internal directories. An unauthorized threat actor can remotely upload a malicious file that executes attacker-supplied input on the remote server, leading to RCE.
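As an added defender-side example (not part of the advisory), the script below flags requests to the uploadova endpoint in a web-server access log, so exposure or exploitation attempts can be spotted while patching is under way. The log format, the sample log lines and the function names are assumptions; only the endpoint path comes from the advisory.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint path taken from the advisory; only requests reaching it are reported.
UPLOADOVA_PATH = "/ui/vropspluginui/rest/services/uploadova"

# Assumed common-log-format access log (Apache/Tomcat style); the query string
# stays attached to the request target and is stripped later.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not real traffic): a benign login, a POST to the
# endpoint, a percent-encoded variant of the same path, and a GET probe.
SAMPLE_LOG = """\
198.51.100.9 - - [24/Feb/2021:10:01:05 +0000] "GET /ui/login HTTP/1.1" 200 4521
203.0.113.7 - - [24/Feb/2021:10:01:09 +0000] "POST /ui/vropspluginui/rest/services/uploadova HTTP/1.1" 200 12
203.0.113.7 - - [24/Feb/2021:10:01:12 +0000] "POST /ui/vropspluginui/rest/services/%75ploadova?x=1 HTTP/1.1" 200 12
192.0.2.4 - - [24/Feb/2021:10:02:00 +0000] "GET /ui/vropspluginui/rest/services/uploadova HTTP/1.1" 405 0
"""


def normalise_path(target: str) -> str:
    """Drop the query string and percent-decode so encoded variants still match."""
    return unquote(urlsplit(target).path)


def find_uploadova_requests(log_text: str) -> list[dict]:
    """Return one finding per request that reaches the uploadova endpoint.

    POST requests are the upload attempts the advisory describes; any other
    method is reported as a probe so reconnaissance is visible as well.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a real pipeline would count these
        if normalise_path(m["target"]).rstrip("/") != UPLOADOVA_PATH:
            continue
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "method": m["method"],
            "status": int(m["status"]),
            "kind": "upload_attempt" if m["method"] == "POST" else "probe",
        })
    return findings


if __name__ == "__main__":
    for finding in find_uploadova_requests(SAMPLE_LOG):
        print(finding)
```

A successful POST (status 200) from a host that is not a known administrator workstation is the line to escalate; a 405 or 404 on the same path is worth keeping as evidence of scanning.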
| Affected Versions | Fixed Versions |
| --- | --- |
| vCenter 7.0 | 7.0 U1c |
| vCenter 6.7 | 6.7 U3l |
| vCenter 6.5 | 6.5 U3n |
Update the affected versions to their respective patched versions.
Official documentation: https://www.vmware.com/security/advisories/VMSA-2021-0002.html