Vulnerability in Vmware Cloud Foundation
CVE-2021-21972
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlyi…
EPSS: 0.938 (99.9th percentile) — read the EPSS interpretation.
Affected products
- N/a Vmware Cloud Foundation — versions 4.x before 4.2, 3.x before 3.10.1.2
- N/a Vmware Vcenter Server — versions 7.x before 7.0 U1c, 6.7 before 6.7 U3l, 6.5 before 6.5 U3n
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Known ransomware campaign use: yes.
Public proof-of-concept exploits
References
- www.vmware.com/security/advisories/VMSA-2021-0002.html (x_refsource_CONFIRM)
- packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-U… (x_refsource_MISC)
- packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-C… (x_refsource_MISC)
- packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Exe… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-21972?
- CVE-2021-21972 is a vulnerability in Vmware Cloud Foundation. Published 2021-02-24.
- Is CVE-2021-21972 known to be exploited?
- Yes. CVE-2021-21972 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 203 public proof-of-concept repositories are indexed.