### [CVE-2021-21985](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21985)
![](https://img.shields.io/static/v1?label=Product&message=VMware%20vCenter%20Server%20and%20VMware%20Cloud%20Foundation&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20code%20execution%20vulnerability&color=brighgreen)

### Description

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

### POC

#### Reference
- http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html
- http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html

#### Github
- https://github.com/20142995/Goby
- https://github.com/20142995/sectool
- https://github.com/3th1c4l-t0n1/awesome-csirt
- https://github.com/7roublemaker/VMware-RCE-check
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Advisory-Newsletter/Blackmatter
- https://github.com/Awrrays/FrameVul
- https://github.com/BugBlocker/lotus-scripts
- https://github.com/DaveCrown/vmware-kb82374
- https://github.com/HimmelAward/Goby_POC
- https://github.com/HynekPetrak/HynekPetrak
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/SYRTI/POC_to_review
- https://github.com/Schira4396/VcenterKiller
- https://github.com/SexyBeast233/SecBooks
- https://github.com/SofianeHamlaoui/Conti-Clear
- https://github.com/Spacial/awesome-csirt
- https://github.com/W01fh4cker/VcenterKit
- https://github.com/WhooAmii/POC_to_review
- https://github.com/Z0fhack/Goby_POC
- https://github.com/aneasystone/github-trending
- https://github.com/apachecn-archive/Middleware-Vulnerability-detection
- https://github.com/aristosMiliaressis/CVE-2021-21985
- https://github.com/bigbroke/CVE-2021-21985
- https://github.com/brandonshiyay/My-Security-Learning-Resources
- https://github.com/dabaibuai/dabai
- https://github.com/daedalus/CVE-2021-21985
- https://github.com/djytmdj/Tool_Summary
- https://github.com/fardeen-ahmed/Bug-bounty-Writeups
- https://github.com/guchangan1/All-Defense-Tool
- https://github.com/haiclover/CVE-2021-21985
- https://github.com/haidv35/CVE-2021-21985
- https://github.com/hktalent/Scan4all_Pro
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/joydo/CVE-Writeups
- https://github.com/k0imet/CVE-POCs
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/leoambrus/CheckersNomisec
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
- https://github.com/manas3c/CVE-POC
- https://github.com/mauricelambert/CVE-2021-21985
- https://github.com/n1sh1th/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/onSec-fr/CVE-2021-21985-Checker
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/r0ckysec/CVE-2021-21985
- https://github.com/r0eXpeR/supplier
- https://github.com/rusty-sec/lotus-scripts
- https://github.com/sknux/CVE-2021-21985_PoC
- https://github.com/soosmile/POC
- https://github.com/taielab/awesome-hacking-lists
- https://github.com/testanull/Project_CVE-2021-21985_PoC
- https://github.com/trhacknon/Pocingit
- https://github.com/whoforget/CVE-POC
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xnianq/cve-2021-21985_exp
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve
- https://github.com/zhangziyang301/All-Defense-Tool