From 6d514eee8454b005341b06f270c055877bb4e442 Mon Sep 17 00:00:00 2001
From: Dwi Siswanto <dwi.siswanto98@gmail.com>
Date: Thu, 25 Feb 2021 07:37:02 +0700
Subject: [PATCH] :fire: Add CVE-2021-21972

---
 cves/2021/CVE-2021-21972.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 cves/2021/CVE-2021-21972.yaml

diff --git a/cves/2021/CVE-2021-21972.yaml b/cves/2021/CVE-2021-21972.yaml
new file mode 100644
index 0000000000..788aed0526
--- /dev/null
+++ b/cves/2021/CVE-2021-21972.yaml
@@ -0,0 +1,28 @@
+id: CVE-2021-21972
+
+info:
+  name: VMware vCenter Unauthorized RCE
+  author: dwisiswant0
+  severity: critical
+  reference: https://swarm.ptsecurity.com/unauth-rce-vmware/
+  description: The vulnerability allows unauthenticated remote attackers to upload file leading to remote code execution (RCE). This templates only detects the plugin.
+  tags: cve,cve2021,vmware,rce
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/ui/vropspluginui/rest/services/getstatus"
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "VSPHERE-UI-JSESSIONID"
+        part: header
+        condtion: and
+      - type: regex
+        regex:
+          - "(Install|Config) Final Progress"
+        part: body