1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. VMware vCenter Server Remote Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2021-21972 Mappings

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-21972 VMware vCenter Server Remote Code Execution Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2021-21972 is a RCE vulnerability affecting VMware vCenter servers. An attacker with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
References
  1. https://outpost24.com/blog/attackers-collaborate-to-exploit-cve-2021-21972-and-cve-2021-21973/
  2. https://www.ncsc.gov.uk/files/Advisory%20Further%20TTPs%20associated%20with%20SVR%20cyber%20actors.pdf
CVE-2021-21972 VMware vCenter Server Remote Code Execution Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2021-21972 is a RCE vulnerability affecting VMware vCenter servers. An attacker with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
References
  1. https://outpost24.com/blog/attackers-collaborate-to-exploit-cve-2021-21972-and-cve-2021-21973/
  2. https://www.ncsc.gov.uk/files/Advisory%20Further%20TTPs%20associated%20with%20SVR%20cyber%20actors.pdf