HTTP: VMware vCenter Server Plugin Unauthorized Remote Code Execution

This signature detects attempts to exploit a known vulnerability in a VMware vCenter Server plugin. A successful attack can lead to arbitrary code execution.

Extended Description

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

Affected Products

Vmware cloud_foundation

Short Name
HTTP:CTS:VMWARE-VCENTER-RCE
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2021-21972 Code Execution Plugin Remote Server Unauthorized VMware vCenter
Release Date
02/26/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3418
False Positive
Unknown
Vendors

Vmware

CVSS Score

10.0
