CVE-2021-21972

CVE Database · CVE-2021-21972

CVE-2021-21972

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

99.57%

Published

Feb 24, 2021

Modified

Oct 30, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2021-11-17

Apply updates per vendor instructions.

Public PoC / Exploit (12)

All weaponized →

Exploit-DBVMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)Exploit-DBVMware vCenter Server 7.0 - Unauthenticated File Upload NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCSchira4396/VcenterKiller★1475 GitHub PoCNS-Sp4ce/CVE-2021-21972★502 GitHub PoChorizon3ai/CVE-2021-21972★271 GitHub PoCpsc4re/NSE-scripts★162 GitHub PoCQmF0c3UK/CVE-2021-21972-vCenter-6.5-7.0-RCE-POC★137 GitHub PoCalt3kx/CVE-2021-21972★54 GitHub PoCmilo2012/CVE-2021-21972★33 GitHub PoCconjojo/VMware_vCenter_UNAuthorized_RCE_CVE-2021-21972★28

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-22CWE-22

Affected Products (43)

vmware · cloud_foundation (up to 3.10.1.2)vulnerable

vmware · cloud_foundation (up to 4.2)vulnerable

vmware · vcenter_servervulnerable