[ SB 21.04 ] VMWare vSphere simpel RCE ( CVE-2021-21972 )

Unauthorized RCE in VMware vCenter: The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin.

A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

PTSwarm, who discovered the Bug, released an detailed article on the vulnerabilities.


A PoC is available



Fragen? Kontakt: info@zero.bs