HTTP: VMware View Planner logupload Remote Code Execution
This signature detects attempts to exploit a known vulnerability against VMware View Planner. A successful attack can lead to directory traversal and arbitrary code execution.
Extended Description
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
Affected Products
Vmware view_planner
Short Name
HTTP:DIR:VMWARE-LOGUPLD-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2021-21978 Code Execution Planner Remote VMware View logupload
Release Date
03/26/2021
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3420
False Positive
Unknown
Vendors
Vmware
CVSS Score
7.5