支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2021-21985 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Vmware vSphere Client 输入验证错误漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Vmware vSphere Client是美国威睿(Vmware)公司的一个应用软件。提供虚拟化管理。 Vmware vSphere Client 存在输入验证错误漏洞,该漏洞由于vCenter Server默认启用的虚拟SAN健康检查插件缺乏输入验证,导致攻击者可以在底层操作系统上以不受限制的权限执行命令。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
-VMware vCenter Server and VMware Cloud Foundation VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1) -
二、漏洞 CVE-2021-21985 的公开POC
#POC 描述源链接神龙链接
1Multiple vulnerabilities in the vSphere Client (HTML5) were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products.https://github.com/bigbroke/CVE-2021-21985POC详情
2Nonehttps://github.com/alt3kx/CVE-2021-21985_PoCPOC详情
3CVE-2021-21985 Checker.https://github.com/onSec-fr/CVE-2021-21985-CheckerPOC详情
4This script check the CVE-2021-21985 vulnerability and patch on vCenter Server.https://github.com/mauricelambert/CVE-2021-21985POC详情
5cve-2021-21985 exploithttps://github.com/xnianq/cve-2021-21985_expPOC详情
6CVE-2021-21985 vmware 6.7-9.8 RCEhttps://github.com/daedalus/CVE-2021-21985POC详情
7Nonehttps://github.com/testanull/Project_CVE-2021-21985_PoCPOC详情
8Nonehttps://github.com/haiclover/CVE-2021-21985POC详情
9cve-2021-21985 powershell pochttps://github.com/aristosMiliaressis/CVE-2021-21985POC详情
10VMWARE VCENTER SERVER VIRTUAL SAN HEALTH CHECK PLUG-IN RCE (CVE-2021-21985) https://github.com/sknux/CVE-2021-21985_PoCPOC详情
11Nonehttps://github.com/haidv35/CVE-2021-21985POC详情
12The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-21985.yamlPOC详情
13vmware vCenter unauth RCE cve-2021-21985https://github.com/chaitin/xray-plugins/blob/main/poc/manual/vmware-vcenter-cve-2021-21985-rce.ymlPOC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2021-21985 的情报信息
Please 登录 to view more intelligence information
IV. Related Vulnerabilities
Same product: VMware vCenter Server and VMware Cloud Foundation
Same vendor: n/a
V. Comments for CVE-2021-21985

暂无评论

发表评论