CVE-2021-21985
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 04, 2021
- Published Date
- May 26, 2021
- Last Updated
- January 29, 2025
- Vendor
- n/a
- Product
- VMware vCenter Server and VMware Cloud Foundation
- Description
- The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVSS Scores
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-03 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_vcenter_vsan_health_rce.rb | 2025-04-29 11:01:15 UTC |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-21985.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
vmware_vcenter_vsan_health_rce
Type: metasploit • Created: Unknown
sknux/CVE-2021-21985_PoC
Type: github • Created: 2021-11-09 19:06:29 UTC • Stars: 3
testanull/Project_CVE-2021-21985_PoC
Type: github • Created: 2021-06-05 11:03:13 UTC • Stars: 31
daedalus/CVE-2021-21985
Type: github • Created: 2021-06-04 01:15:14 UTC • Stars: 2
onSec-fr/CVE-2021-21985-Checker
Type: github • Created: 2021-06-01 08:31:05 UTC • Stars: 2
alt3kx/CVE-2021-21985_PoC
Type: github • Created: 2021-05-29 13:07:14 UTC • Stars: 214