fofamini-wiki

登录白背景

源码

VMware vCenter 存在远程代码执行漏洞(CVE-2021-21972)

一、漏洞简介

VMware vCenter Server是美国威睿（Vmware）公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台，可自动实施和交付虚拟基础架构。VMware vCenter 存在远程代码执行漏洞(CVE-2021-21972)

二、影响版本

VMware vCenter

三、资产测绘

fofatitle="ID_VC_Welcome"

四、漏洞复现

/ui/vropspluginui/rest/services/updateova

访问上面地址，如果出现404、401即不存在漏洞

如果出现405、200即存在漏洞

CVE-2021-21972-main.zip
使用脚本直接getshell

python3 jiaoben.py -url https://127.0.0.1

原文: https://www.yuque.com/xiaokp7/ocvun2/gg6ptwst93bh1of9

# VMware vCenter 存在远程代码执行漏洞(CVE-2021-21972)

# 一、漏洞简介
VMware vCenter Server是美国威睿（Vmware）公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台，可自动实施和交付虚拟基础架构。VMware vCenter 存在远程代码执行漏洞(CVE-2021-21972)

# 二、影响版本

- VMware vCenter

# 三、资产测绘

- fofa`title="ID_VC_Welcome"`

![image.png](./img/qPEACloc_MzULNtb/1716017090282-f90f105e-743a-48cd-bc8c-8043d4492021-378605.png)

# 四、漏洞复现
```
/ui/vropspluginui/rest/services/updateova
```
**访问上面地址，如果出现404、401即不存在漏洞**
![image.png](./img/qPEACloc_MzULNtb/1716020537042-dbe7198b-3e78-4b20-ac2d-ad4f5f05c96f-934398.png)
**如果出现405、200即存在漏洞**
![image.png](./img/qPEACloc_MzULNtb/1716020711912-1e468ee9-9751-4e31-a057-86da4c1ddd5d-296150.png)
[CVE-2021-21972-main.zip](https://www.yuque.com/attachments/yuque/0/2024/zip/29512878/1716183577405-97b400b6-ad13-446f-a428-a85da8b611f7.zip?_lake_card=%7B%22src%22%3A%22https%3A%2F%2Fwww.yuque.com%2Fattachments%2Fyuque%2F0%2F2024%2Fzip%2F29512878%2F1716183577405-97b400b6-ad13-446f-a428-a85da8b611f7.zip%22%2C%22name%22%3A%22CVE-2021-21972-main.zip%22%2C%22size%22%3A464190%2C%22ext%22%3A%22zip%22%2C%22source%22%3A%22%22%2C%22status%22%3A%22done%22%2C%22download%22%3Atrue%2C%22taskId%22%3A%22ua1184b04-62cb-45ce-8f79-1c440764a62%22%2C%22taskType%22%3A%22upload%22%2C%22type%22%3A%22application%2Fx-zip-compressed%22%2C%22__spacing%22%3A%22both%22%2C%22mode%22%3A%22title%22%2C%22id%22%3A%22uac700cdf%22%2C%22margin%22%3A%7B%22top%22%3Atrue%2C%22bottom%22%3Atrue%7D%2C%22card%22%3A%22file%22%7D)
使用脚本直接getshell
```
python3 jiaoben.py -url https://127.0.0.1
```
![image.png](./img/qPEACloc_MzULNtb/1716021018373-4a3ac033-3e1e-487a-ba67-20482df92ac1-895090.png)
![image.png](./img/qPEACloc_MzULNtb/1716021126837-ba30773a-c762-4a8b-8579-310fc83f4990-191090.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/gg6ptwst93bh1of9>