Added CVE-2021-21985

cves/2021/CVE-2021-21985.yaml

@@ -0,0 +1,31 @@
+id: CVE-2021-21985
+
+info:
+  name: VMware vSphere Client (HTML5) RCE
+  author: D0rkerDevil
+  severity: critical
+  description: |
+    The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
+  reference: |
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-21985
+    - https://www.vmware.com/security/advisories/VMSA-2021-0010.html
+    - https://github.com/alt3kx/CVE-2021-21985_PoC
+  tags: cve,cve201,rce,vsphere
+
+requests:
+  - raw:
+      - |
+        POST /ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData HTTP/1.1
+        Host: {{Hostname}}
+        Accept: */*
+        Content-Type: application/json
+        Content-Length: 86
+        Connection: close
+
+        {"methodInput":[{"type":"ClusterComputeResource","value": null,"serverGuid": null}]}
+
+    matchers:
+      - type: word
+        words:
+          - '{"result":{"isDisconnected":'
+        part: body