daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2021/CVE-2021-21972.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-05 14:19:52 -04:00
parent b7db8db285
commit 7b89a21626
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cves/2021/CVE-2021-21972.yaml
View File

@ -1,12 +1,13 @@
id: CVE-2021-21972 id: CVE-2021-21972
info: info:
name: VMware vCenter Unauthenticated RCE name: VMware vCenter vSphere Client - Remote Code Execution
author: dwisiswant0 author: dwisiswant0
severity: critical severity: critical
description: The vulnerability allows unauthenticated remote attackers to upload files leading to remote code execution (RCE). This templates only detects the plugin. description: "VMware vCenter vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2)."
reference: reference:
- https://swarm.ptsecurity.com/unauth-rce-vmware/ - https://swarm.ptsecurity.com/unauth-rce-vmware/
- https://nvd.nist.gov/vuln/detail/CVE-2021-21972
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
@ -32,3 +33,5 @@ requests:
regex: regex:
- "(Install|Config) Final Progress" - "(Install|Config) Final Progress"
part: body part: body
# Enhanced by mp on 2022/05/05