Detections
Analytics
CVE-2021-21972
critical
Description
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
From the Tenable Blog
CVE-2021-21972: VMware vCenter Server Remote Code Execution Vulnerability
Published: 2021-02-25
Proof-of-concept exploit scripts for a critical remote code execution flaw, along with mass scanning activity, indicate that organizations should apply vCenter Server patches immediately. Update May 26: The Proof of concept section has been updated to reflect the publication of a proof-of-concept (PoC) for CVE-2021-21974.
References
https://thehackernews.com/2024/09/hacktivist-group-twelve-targets-russian.html
https://securelist.com/twelve-group-unified-kill-chain/113877/
https://www.crowdstrike.com/blog/anatomy-of-alpha-spider-ransomware/
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://www.fortiguard.com/threat-signal-report/4295
https://www.vmware.com/security/advisories/VMSA-2021-0002.html
http://packetstormsecurity.com/files/163268/VMware-vCenter-6.5-6.7-7.0-Remote-Code-Execution.html
http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html