CVE-2021-21985 PoC — Vmware vSphere Client 输入验证错误漏洞

Source

https://github.com/mauricelambert/CVE-2021-21985

Associated Vulnerability

Title:Vmware vSphere Client 输入验证错误漏洞 (CVE-2021-21985)
Description:Vmware vSphere Client是美国威睿（Vmware）公司的一个应用软件。提供虚拟化管理。 Vmware vSphere Client 存在输入验证错误漏洞，该漏洞由于vCenter Server默认启用的虚拟SAN健康检查插件缺乏输入验证，导致攻击者可以在底层操作系统上以不受限制的权限执行命令。

Description

This script check the CVE-2021-21985 vulnerability and patch on vCenter Server.

Readme

# CVE_2021_21985

## Description

This script check the CVE-2021-21985 vulnerability and patch on vCenter Server.

## Requirements

 - Python3
 - Python3 Standard Library

## Installation

```bash
git clone https://github.com/mauricelambert/CVE_2021_21985.git ./
```

## Example

To check IP `10.0.0.2`, `10.0.0.3` and hostname `vCenter3`:

```bash
python3 CVE_2021_21985.py 10.0.0.2 10.0.0.3 vCenter3
```

## Licence
Licensed under the [GPL, version 3](https://www.gnu.org/licenses/).

File Snapshot


 [4.0K]  /data/pocs/0b34cca70eef2b66aec49e6eac0b98f6ad0fa934
├── [3.8K]  CVE_2021_21985.py
├── [ 35K]  LICENSE.txt
└── [ 511]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!