CVE-2021-21985

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-21985
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
https://www.vmware.com/security/advisories/VMSA-2021-0010.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
History

14 Sep 2021, 17:37

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html - (MISC) http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry

24 Aug 2021, 10:59

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html -
CPE cpe:2.3:a:vmware:vcenter_server:6.5:u3d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3m:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:u1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u2g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:u1a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:u1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u1g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u2b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3l:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u1e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:u2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u3n:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3j:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u3k:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:u1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:u2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u2d:*:*:*:*:*:*		 cpe:2.3:a:vmware:vcenter_server:6.7:update3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3j:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3l:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update1g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3k:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3n:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3m:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:update3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:update3:*:*:*:*:*:*

03 Jun 2021, 14:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : 10.0
v3 : 9.8
CWE CWE-20
CPE cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3j:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u3n:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:u1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u2d:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:u2a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u1g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:u1a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:u1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3l:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u1d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:u1c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u2g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u1e:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u3f:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u3d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u3k:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u1:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:1b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.5:u2b:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3a:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u2c:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:7.0:u2:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3g:*:*:*:*:*:*
cpe:2.3:a:vmware:vcenter_server:6.7:u3m:*:*:*:*:*:*
References (MISC) https://www.vmware.com/security/advisories/VMSA-2021-0010.html - (MISC) https://www.vmware.com/security/advisories/VMSA-2021-0010.html - Vendor Advisory
References (MISC) http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html - (MISC) http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html - Third Party Advisory, VDB Entry

26 May 2021, 20:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html -

26 May 2021, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2021-05-26 15:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-21985

Mitre link : CVE-2021-21985

CVE.ORG link : CVE-2021-21985

JSON object : View

Products Affected

vmware

  • cloud_foundation
  • vcenter_server
CWE
CWE-20

Improper Input Validation