2025-01-16 Update From: SLTechnology News&Howtos > Network Security
Shulou (Shulou.com) 05/31 Report
This article analyzes the VMware vCenter Server unauthenticated arbitrary file upload vulnerability CVE-2021-21972 in detail and describes the corresponding fixes and mitigations, in the hope that it helps readers who need to deal with this issue find a simple and workable approach.
1. Vulnerability description
CVE-2021-21972 is an unauthenticated remote code execution vulnerability in VMware vCenter Server. By abusing an unauthenticated file upload, an attacker can write a file (for example a webshell, or an SSH authorized_keys file) to any path writable by the vCenter web service account on the vCenter server and then use it to execute code.
The vulnerability lies in the vROps (vRealize Operations) plugin of the vSphere Client (HTML5) shipped with vCenter Server. An unauthenticated attacker with network access to port 443 of vCenter Server can send a specially crafted request to the plugin, write arbitrary files on the server, and thereby achieve remote arbitrary code execution. In practice, a single malicious request to port 443 is enough to run code and take control of vCenter.
2. Affected versions and vulnerability rating
VMware vCenter Server 7.0 series < 7.0 U1c
VMware vCenter Server 6.7 series < 6.7 U3l
VMware vCenter Server 6.5 series < 6.5 U3n
Vulnerability rating: Critical. CVSS 3.1 base score: 9.8
FIRST CVSSv3 calculator entry for CVE-2021-21972: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3. Fixed versions
VMware vCenter Server 7.0 U1c
VMware vCenter Server 6.7 U3l
VMware vCenter Server 6.5 U3n
Vulnerability analysis:
The API of the vROps plugin in vCenter Server is not authenticated and exposes several sensitive endpoints. Among them, the uploadova endpoint accepts an OVA file upload. Its logic is to unpack the uploaded TAR archive into the directory /tmp/unicorn_ova_dir: each entry's file name is concatenated directly onto /tmp/unicorn_ova_dir and the entry is written to the resulting path, with no check that the path stays inside that directory. If an entry name contains ../, the write escapes the directory (path traversal). On the Linux vCenter appliance the file is written as the vsphere-ui user, so an attacker can create a TAR containing an entry named ../../home/vsphere-ui/.ssh/authorized_keys, upload it, and then (if SSH is enabled on the appliance) log in over SSH as vsphere-ui with the matching private key.
4. PoC
Request https://<vcenter-host>/ui/vropspluginui/rest/services/updateova (the host is a placeholder). A 404 response means the plugin endpoint is not present and the vulnerability is not exposed; a 200 or 405 response means the unauthenticated plugin endpoint is reachable and the system is vulnerable. This is a reachability check only, not proof of exploitability, so confirm against the version list above.
Repair methods and suggestions:
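The following is an added example, not code from the original article or from VMware, that reproduces the mechanism described above offline: it builds a TAR archive in memory with an entry name containing ../ (as the exploit does), mirrors the flawed "concatenate entry name onto /tmp/unicorn_ova_dir" logic to show where the file would land, and then shows the check a hardened unpacker would apply. The directory name /tmp/unicorn_ova_dir and the authorized_keys entry come from the analysis; the function names, the placeholder public key and the benign disk.vmdk entry are assumptions made for the example. Nothing is written to disk.

```python
import io
import os
import tarfile

# Directory the vROps plugin unpacks uploaded OVA (TAR) archives into.
UPLOAD_DIR = "/tmp/unicorn_ova_dir"


def build_ova_tar(entries):
    """Build an uncompressed TAR in memory from {entry_name: bytes}.

    tarfile does not sanitize entry names on write, so '../' survives,
    which is exactly what an attacker relies on.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def vulnerable_targets(tar_bytes, upload_dir=UPLOAD_DIR):
    """Mirror the flawed logic: join the entry name onto the upload dir.

    Returns the normalized absolute paths that would be written. With a
    '../' entry name the result escapes upload_dir entirely.
    """
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        return [
            os.path.normpath(os.path.join(upload_dir, m.name))
            for m in tar.getmembers()
            if m.isfile()
        ]


def safe_targets(tar_bytes, upload_dir=UPLOAD_DIR):
    """Hardened unpacker: only regular files, and only inside upload_dir.

    Returns entry paths relative to upload_dir; raises ValueError on any
    traversal attempt, absolute name, symlink or other special entry.
    """
    root = os.path.realpath(upload_dir)
    out = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for m in tar.getmembers():
            if not m.isfile():
                raise ValueError(f"rejected non-regular entry: {m.name!r}")
            target = os.path.realpath(os.path.join(root, m.name))
            # commonpath on resolved paths catches '../', absolute names
            # and prefix tricks such as /tmp/unicorn_ova_dir_evil.
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"path traversal in entry name: {m.name!r}")
            out.append(os.path.relpath(target, root))
    return out


def check_upload(tar_bytes, upload_dir=UPLOAD_DIR):
    """Return (accepted, detail) for an upload under the hardened rules."""
    try:
        return True, safe_targets(tar_bytes, upload_dir)
    except ValueError as exc:
        return False, str(exc)


# Constructed sample archives (not real exploit traffic).
# Attacker-style archive: one entry that climbs out of the upload dir and
# lands in the vsphere-ui user's authorized_keys file.
MALICIOUS_TAR = build_ova_tar({
    "../../home/vsphere-ui/.ssh/authorized_keys":
        b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA...placeholder attacker@example\n",
})
# Benign archive: a single regular file that stays inside the upload dir.
BENIGN_TAR = build_ova_tar({"disk.vmdk": b"KDMV"})

if __name__ == "__main__":
    print("vulnerable logic writes:", vulnerable_targets(MALICIOUS_TAR))
    print("hardened check, malicious:", check_upload(MALICIOUS_TAR))
    print("hardened check, benign:", check_upload(BENIGN_TAR))
```

Running the block shows the flawed join turning the upload into a write to /home/vsphere-ui/.ssh/authorized_keys, while the hardened unpacker rejects the same archive and accepts the benign one. The realpath plus commonpath comparison is the check the plugin lacked; rejecting symlink and device entries closes the related trick of first extracting a symlink and then writing through it.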
Follow VMware's guidance to disable the vROps plugin as a workaround: https://kb.vmware.com/s/article/82374 (the KB marks the plugin as incompatible in the vSphere Client's compatibility matrix and restarts the vsphere-ui service, which makes the vulnerable endpoint return 404).
Security recommendations
1. Upgrade VMware vCenter Server and VMware ESXi to the latest (fixed) version.
2. Until the upgrade is applied, mitigate CVE-2021-21972 (VMware vCenter Server remote code execution) and CVE-2021-21973 (VMware vCenter Server SSRF) using the workaround measures in https://kb.vmware.com/s/article/82374.
This concludes the analysis of the VMware vCenter Server unauthenticated arbitrary file upload vulnerability CVE-2021-21972. I hope the above content is of some help; if you still have questions, follow the industry information channel for more related material.