cnvd - cnvd-2021-37150

cnvd-2021-37150

Vulnerability from cnvd

Title: VMware vCenter Server远程代码执行漏洞（CNVD-2021-37150）

Description:

Vmware VMware vCenter Server是美国威睿（Vmware）公司的一套服务器和虚拟化管理软件。

VMware vCenter Server存在远程代码执行漏洞。该漏洞是由于缺乏对vCenter Server默认启用的运行状况检查插件vSAN进行正确的输入验证，未经身份验证的攻击者利用该漏洞通过向目标主机端口发送恶意构造请求，在目标系统上执行任意代码，获得目标服务器的权限。

Severity: 高

Patch Name: VMware vCenter Server远程代码执行漏洞（CNVD-2021-37150）的补丁

Patch Description:

Vmware VMware vCenter Server是美国威睿（Vmware）公司的一套服务器和虚拟化管理软件。

VMware vCenter Server存在远程代码执行漏洞。该漏洞是由于缺乏对vCenter Server默认启用的运行状况检查插件vSAN进行正确的输入验证，未经身份验证的攻击者利用该漏洞通过向目标主机端口发送恶意构造请求，在目标系统上执行任意代码，获得目标服务器的权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

VMware公司已发布新版本修复上述漏洞，建议用户立即升级至最新版本： https://www.vmware.com/security/advisories/VMSA-2021-0010.html

Reference: https://www.vmware.com/security/advisories/VMSA-2021-0010.html

Impacted products

Name
['VMware vCenter Server 5.5', 'VMWare vCenter Server 7.0', 'VMWare vCenter Server 6.7', 'VMWare Cloud Foundation (vCenter Server) 4.', 'VMWare Cloud Foundation (vCenter Server) 3.']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-21985"
    }
  },
  "description": "Vmware VMware vCenter Server\u662f\u7f8e\u56fd\u5a01\u777f\uff08Vmware\uff09\u516c\u53f8\u7684\u4e00\u5957\u670d\u52a1\u5668\u548c\u865a\u62df\u5316\u7ba1\u7406\u8f6f\u4ef6\u3002\n\nVMware vCenter Server\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u7f3a\u4e4f\u5bf9vCenter Server\u9ed8\u8ba4\u542f\u7528\u7684\u8fd0\u884c\u72b6\u51b5\u68c0\u67e5\u63d2\u4ef6vSAN\u8fdb\u884c\u6b63\u786e\u7684\u8f93\u5165\u9a8c\u8bc1\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u5411\u76ee\u6807\u4e3b\u673a\u7aef\u53e3\u53d1\u9001\u6076\u610f\u6784\u9020\u8bf7\u6c42\uff0c\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u83b7\u5f97\u76ee\u6807\u670d\u52a1\u5668\u7684\u6743\u9650\u3002",
  "formalWay": "VMware\u516c\u53f8\u5df2\u53d1\u5e03\u65b0\u7248\u672c\u4fee\u590d\u4e0a\u8ff0\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u7acb\u5373\u5347\u7ea7\u81f3\u6700\u65b0\u7248\u672c\uff1a\r\nhttps://www.vmware.com/security/advisories/VMSA-2021-0010.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-37150",
  "openTime": "2021-05-26",
  "patchDescription": "Vmware VMware vCenter Server\u662f\u7f8e\u56fd\u5a01\u777f\uff08Vmware\uff09\u516c\u53f8\u7684\u4e00\u5957\u670d\u52a1\u5668\u548c\u865a\u62df\u5316\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nVMware vCenter Server\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u7f3a\u4e4f\u5bf9vCenter Server\u9ed8\u8ba4\u542f\u7528\u7684\u8fd0\u884c\u72b6\u51b5\u68c0\u67e5\u63d2\u4ef6vSAN\u8fdb\u884c\u6b63\u786e\u7684\u8f93\u5165\u9a8c\u8bc1\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u5411\u76ee\u6807\u4e3b\u673a\u7aef\u53e3\u53d1\u9001\u6076\u610f\u6784\u9020\u8bf7\u6c42\uff0c\u5728\u76ee\u6807\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u83b7\u5f97\u76ee\u6807\u670d\u52a1\u5668\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware vCenter Server\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2021-37150\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMware vCenter Server 5.5",
      "VMWare vCenter Server 7.0",
      "VMWare vCenter Server 6.7",
      "VMWare Cloud Foundation (vCenter Server) 4.*",
      "VMWare Cloud Foundation (vCenter Server)  3.*"
    ]
  },
  "referenceLink": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html",
  "serverity": "\u9ad8",
  "submitTime": "2021-05-26",
  "title": "VMware vCenter Server\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2021-37150\uff09"
}

CVE-2021-21985 (GCVE-0-2021-21985)

Vulnerability from cvelistv5

Published

2021-05-26 14:04

Modified

2025-07-30 01:38

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Remote code execution vulnerability

Summary

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

References

▼	URL	Tags
	https://www.vmware.com/security/advisories/VMSA-2021-0010.html	x_refsource_MISC
	http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html	x_refsource_MISC
	http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	VMware vCenter Server and VMware Cloud Foundation	Version: VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:30:23.663Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-21985",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T17:56:51.919812Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21985"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-470",
                "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-918",
                "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:38:10.011Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2021-21985 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware vCenter Server and VMware Cloud Foundation",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote code execution vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-13T16:06:26.000Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2021-21985",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware vCenter Server and VMware Cloud Foundation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "VMware vCenter Server (7.x before 7.0 U2b, 6.7 before 6.7 U3n, 6.5 before 6.5 U3p) and VMware Cloud Foundation (4.x before 4.2.1, 3.x before 3.10.2.1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote code execution vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html",
              "refsource": "MISC",
              "url": "https://www.vmware.com/security/advisories/VMSA-2021-0010.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162812/VMware-Security-Advisory-2021-0010.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/163487/VMware-vCenter-Server-Virtual-SAN-Health-Check-Remote-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2021-21985",
    "datePublished": "2021-05-26T14:04:30.000Z",
    "dateReserved": "2021-01-04T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:38:10.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted