nuclei-templates/cves/2021/CVE-2021-22005.yaml

id: CVE-2021-22005

info:
  name: VMware vCenter Server file upload vulnerability
  author: PR3R00T
  severity: critical
  description: The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
  reference:
    - https://kb.vmware.com/s/article/85717
    - https://www.vmware.com/security/advisories/VMSA-2021-0020.html
    - https://core.vmware.com/vmsa-2021-0020-questions-answers-faq
  tags: cve,cve2021,vmware,vcenter
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.80
    cve-id: CVE-2021-22005
    cwe-id: CWE-434

requests:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /analytics/telemetry/ph/api/hyper/send?_c&_i=test HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        test_data

    req-condition: true
    matchers:
      - type: dsl
        dsl:
          - "status_code_1 == 200"
          - "status_code_2 == 201"
          - "contains(body_1, 'VMware vSphere')"
          - "content_length_2 == 0"
        condition: and
improved matchers 2021-09-22 10:03:51 +00:00			`id: CVE-2021-22005`

New VMWare Vcenter File upload check. https://kb.vmware.com/s/article/85717 - taking the attached python script as validation. 2021-09-22 08:05:36 +00:00			`info:`
improved matchers 2021-09-22 10:03:51 +00:00			`name: VMware vCenter Server file upload vulnerability`
New VMWare Vcenter File upload check. https://kb.vmware.com/s/article/85717 - taking the attached python script as validation. 2021-09-22 08:05:36 +00:00			`author: PR3R00T`
improved matchers 2021-09-22 10:03:51 +00:00			`severity: critical`
			`description: The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.`
			`reference:`
			`- https://kb.vmware.com/s/article/85717`
			`- https://www.vmware.com/security/advisories/VMSA-2021-0020.html`
			`- https://core.vmware.com/vmsa-2021-0020-questions-answers-faq`
			`tags: cve,cve2021,vmware,vcenter`
Auto Generated CVE annotations [Tue Sep 28 10:05:39 UTC 2021] :robot: 2021-09-28 10:05:39 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.80`
			`cve-id: CVE-2021-22005`
			`cwe-id: CWE-434`
improved matchers 2021-09-22 10:03:51 +00:00
New VMWare Vcenter File upload check. https://kb.vmware.com/s/article/85717 - taking the attached python script as validation. 2021-09-22 08:05:36 +00:00			`requests:`
			`- raw:`
improved matchers 2021-09-22 10:03:51 +00:00			`- \|`
			`GET / HTTP/1.1`
			`Host: {{Hostname}}`

New VMWare Vcenter File upload check. https://kb.vmware.com/s/article/85717 - taking the attached python script as validation. 2021-09-22 08:05:36 +00:00			`- \|`
			`POST /analytics/telemetry/ph/api/hyper/send?_c&_i=test HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/json`

			`test_data`

improved matchers 2021-09-22 10:03:51 +00:00			`req-condition: true`
New VMWare Vcenter File upload check. https://kb.vmware.com/s/article/85717 - taking the attached python script as validation. 2021-09-22 08:05:36 +00:00			`matchers:`
improved matchers 2021-09-22 10:03:51 +00:00			`- type: dsl`
			`dsl:`
			`- "status_code_1 == 200"`
			`- "status_code_2 == 201"`
			`- "contains(body_1, 'VMware vSphere')"`
			`- "content_length_2 == 0"`
			`condition: and`