VMware vCenter CVE-2021-21972 Tools# VMware_vCenter_CVE-2021-21972
VMware vCenter CVE-2021-21972 Related tools
# Invoke-CVE-2021-21972-Scan.ps1
This script will scan the specified target hosts and attempt to detect those that are vulnerable to VMware vCenter CVE-2021-21972.
The script will execute in the following order:
- Create a log file, default log name is Invoke-CVE-2021-21972-Scan-output.txt
- Scan each target host by performing the following:
- Check the root domain for vSphere/vCenter strings
- If not found, check the /ui/ (HTML5 UI) directory for vSphere/vCenter strings
- If not found, no vulnerability scan is performed unless -f/-force parameter is specified
- If strings are found, make a GET request to /ui/vropspluginui/rest/services/uploadova looking for the
following responses:
- 405 - Server is likely vulnerable
- 401 - Server is likely patched
- Other - Server is not vulnerable
# Examples
Basic usage:
C:\PS> PowerShell.exe -ExecutionPolicy Bypass .\Invoke-CVE-2021-21972-Scan.ps1 -targetHosts "vcenter.local","vcenter.net"
All options with force scan:
C:\PS> PowerShell.exe -ExecutionPolicy Bypass .\Invoke-CVE-2021-21972-Scan.ps1 -targetHosts "vcenter.local","vcenter.net" -outputFile "output.txt" -force
All options with force scan (shorthand version):
C:\PS> PowerShell.exe -ExecutionPolicy Bypass .\Invoke-CVE-2021-21972-Scan.ps1 -t "vcenter.local","vcenter.net" -o "output.txt" -f
Blog post:
https://robwillis.info/2021/02/vmware-vcenter-cve-2021-21972-scan-tool/
[4.0K] /data/pocs/b1596e5f3bbc560782973931127e1929af0b7eb1
├── [4.8K] Invoke-CVE-2021-21972-Scan.ps1
└── [1.5K] README.md
0 directories, 2 files