### [CVE-2021-21972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21972)
![](https://img.shields.io/static/v1?label=Product&message=VMware%20Cloud%20Foundation&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=VMware%20vCenter%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20code%20execution%20vulnerability&color=brighgreen)

### Description

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

### POC

#### Reference
- http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html
- http://packetstormsecurity.com/files/161695/VMware-vCenter-Server-File-Upload-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0ps/pocassistdb
- https://github.com/0x783kb/Security-operation-book
- https://github.com/0xMarcio/cve
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP
- https://github.com/0xsyr0/OSCP
- https://github.com/20142995/Goby
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Awrrays/FrameVul
- https://github.com/B1anda0/CVE-2021-21972
- https://github.com/BugBlocker/lotus-scripts
- https://github.com/ByZain/CVE-2021-21972
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/DaveCrown/vmware-kb82374
- https://github.com/DougCarroll/CVE_2021_21972
- https://github.com/EdgeSecurityTeam/Vulnerability
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/GhostTroops/TOP
- https://github.com/GuayoyoCyber/CVE-2021-21972
- https://github.com/HimmelAward/Goby_POC
- https://github.com/JERRY123S/all-poc
- https://github.com/JMousqueton/Detect-CVE-2021-21972
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/L-pin/CVE-2021-21972
- https://github.com/Ly0nt4r/OSCP
- https://github.com/Ma1Dong/vcenter_rce
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NS-Sp4ce/CVE-2021-21972
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Osyanina/westone-CVE-2021-21972-scanner
- https://github.com/QmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC
- https://github.com/R1card0-tutu/Red
- https://github.com/Ratlesv/LadonGo
- https://github.com/SYRTI/POC_to_review
- https://github.com/Schira4396/VcenterKiller
- https://github.com/SexyBeast233/SecBooks
- https://github.com/SirElmard/ethical_hacking
- https://github.com/SofianeHamlaoui/Conti-Clear
- https://github.com/SouthWind0/southwind0.github.io
- https://github.com/TaroballzChen/CVE-2021-21972
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Udyz/CVE-2021-21972
- https://github.com/Vulnmachines/VmWare-vCenter-vulnerability
- https://github.com/W01fh4cker/VcenterKit
- https://github.com/Whitehorse-rainbow/-Infiltration-summary
- https://github.com/WhooAmii/POC_to_review
- https://github.com/WingsSec/Meppo
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZTK-009/CVE-2021-21972
- https://github.com/aneasystone/github-trending
- https://github.com/anquanscan/sec-tools
- https://github.com/apachecn-archive/Middleware-Vulnerability-detection
- https://github.com/bhassani/Recent-CVE
- https://github.com/bhdresh/SnortRules
- https://github.com/byteofandri/CVE-2021-21972
- https://github.com/byteofjoshua/CVE-2021-21972
- https://github.com/chaosec2021/fscan-POC
- https://github.com/conjojo/VMware_vCenter_UNAuthorized_RCE_CVE-2021-21972
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/czz1233/fscan
- https://github.com/d3sh1n/cve-2021-21972
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/dabaibuai/dabai
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/djytmdj/Tool_Summary
- https://github.com/e-hakson/OSCP
- https://github.com/eljosep/OSCP-Guide
- https://github.com/githubfoam/ubuntu_sandbox
- https://github.com/gobysec/Goby
- https://github.com/guchangan1/All-Defense-Tool
- https://github.com/haiclover/CVE-2021-21972
- https://github.com/haidv35/CVE-2021-21972
- https://github.com/halencarjunior/vcenter-rce-2021-21972
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/horizon3ai/CVE-2021-21972
- https://github.com/huike007/penetration_poc
- https://github.com/huimzjty/vulwiki
- https://github.com/iamramahibrah/NSE-Scripts
- https://github.com/itscio/LadonGo
- https://github.com/jbmihoub/all-poc
- https://github.com/joanbono/nuclei-templates
- https://github.com/jweny/pocassistdb
- https://github.com/k0imet/CVE-POCs
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/k8gege/LadonGo
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection
- https://github.com/mamba-2021/fscan-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/mdisec/mdisec-twitch-yayinlari
- https://github.com/milo2012/CVE-2021-21972
- https://github.com/mstxq17/SecurityArticleLogger
- https://github.com/murataydemir/CVE-2021-21972
- https://github.com/n1sh1th/CVE-POC
- https://github.com/nitishbadole/oscp-note-3
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/orangmuda/CVE-2021-21972
- https://github.com/orgTestCodacy11KRepos110MB/repo-3569-collection-document
- https://github.com/oscpname/OSCP_cheat
- https://github.com/password520/CVE-2021-21972
- https://github.com/password520/LadonGo
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/pettyhacks/vSphereyeeter
- https://github.com/psc4re/NSE-scripts
- https://github.com/r0eXpeR/supplier
- https://github.com/rastidoust/Red
- https://github.com/rastidoust/rastidoust.github.io
- https://github.com/renini/CVE-2021-21972
- https://github.com/revanmalang/OSCP
- https://github.com/robwillisinfo/VMware_vCenter_CVE-2021-21972
- https://github.com/saucer-man/exploit
- https://github.com/shengshengli/LadonGo
- https://github.com/shengshengli/fscan-POC
- https://github.com/soosmile/POC
- https://github.com/stevenp322/cve-2021-21972
- https://github.com/taielab/awesome-hacking-lists
- https://github.com/tijldeneut/Security
- https://github.com/tom0li/collection-document
- https://github.com/trhacknon/Pocingit
- https://github.com/txuswashere/OSCP
- https://github.com/tzwlhack/Vulnerability
- https://github.com/user16-et/cve-2021-21972_PoC
- https://github.com/vikerup/Get-vSphereVersion
- https://github.com/viksafe/Get-vSphereVersion
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/whoforget/CVE-POC
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xhref/OSCP
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/yaunsky/CVE-2021-21972
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve
- https://github.com/zeroc00I/nuclei-templates-2
- https://github.com/zhangziyang301/All-Defense-Tool
- https://github.com/zhzyker/vulmap