risejae.blogg.se

Attach baselines in vmware 6.0








The web application relies on plugins, usually located in separate.

From the web panel I tried to send as many different requests as possible, all without cookie headers.

After sending an unauthorized request to /ui/vropspluginui/rest/services/*, I discovered that it did not in fact require any authentication.

Discovering the vulnerability

During the analysis of the vSphere Client, I employed both a black-box and a white-box approach to testing, as usual, focusing on vulnerabilities that could be exploited without authorization.


While this software can be encountered on the perimeter, in most cases it is located on internal networks. vSphere and vCenter enable the virtualization of corporate infrastructure and provide means of control over it. In this article, I will cover how I discovered the VMware vSphere client RCE vulnerability, divulge the technical details, and explain how it can be exploited on various platforms.

An unauthorized server-side request forgery (SSRF) vulnerability (CVE-2021-21973).


Unauthorized file upload leading to remote code execution (RCE) (CVE-2021-21972).


These vulnerabilities allowed non-authorized clients to execute arbitrary commands and send requests on behalf of the targeted server via various protocols:


In the fall of 2020, I discovered a couple of vulnerabilities in the vSphere Client component of VMware vCenter. Since the PoC for the VMware vCenter RCE (CVE-2021-21972) is now readily available, we’re publishing our article covering all of the technical details.








