VMware View PlannerÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2021-21978£©

°ä²¼¹¦·ò 2021-03-03

0x00 ·ì϶¸ÅÊö

CVE  ID

CVE-2021-21978

ʱ   ¼ä

2021-03-03

Àà   ÐÍ

 RCE

µÈ   ¼¶

¸ßΣ

Ô¶³ÌÀûÓÃ

ÊÇ

Ó°ÏìÁìÓò

VMware View Planner   4.6

 

0x01 ·ì϶ÏêÇé

image.png

View planner ÊÇVMware¹Ù·½ÍƳöµÄÒ»¿îÕë¶Ôview×ÀÃæµÄ²âÊÔ¹¤¾ß £¬£¬£¬£¬£¬£¬£¬Äܹ»Í¨¹ýËü¹ÀËã³öÔÚÖ¸¶¨µÄÀûÓû·¾³ÏÂÄܹ»°ä²¼¼¸¶à¸öview×ÀÃæ £¬£¬£¬£¬£¬£¬£¬ÆäÐÔÖÊÉÏÊÇÒ»¸öʹÓÃcentosµÄlinuxÐé¹¹»ú¡£¡£¡£¡£¡£

2021Äê03ÔÂ02ÈÕ £¬£¬£¬£¬£¬£¬£¬VMware¹Ù·½°ä²¼¸üв¼¸æ £¬£¬£¬£¬£¬£¬£¬½¨¸´ÁËView PlannerÖеÄÒ»¸öÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2021-21978£© £¬£¬£¬£¬£¬£¬£¬ÆäCVSSÆÀ·Ö8.6¡£¡£¡£¡£¡£

ÓÉÓÚ²»ÕýÈ·µÄÊäÈëÑéÖ¤ºÍ²»×ãÊÚȨ £¬£¬£¬£¬£¬£¬£¬Äܹ»ÔÚlogupload webÀûÓ÷¨Ê½ÖÐÉÏ´«ËÁÒâÎļþ¡£¡£¡£¡£¡£¿ÉÄܽӼûView Planner HarnessµÄ¹¥»÷ÕßÄܹ»ÉÏ´«²¢Ö´ÐжñÒâÎļþ £¬£¬£¬£¬£¬£¬£¬×îÖÕÔÚloguploadÈÝÆ÷ÄÚÔ¶³ÌÖ´ÐдúÂë¡£¡£¡£¡£¡£

 

0x02 ´ëÖý¨Òé

Ä¿Ç°VMwareÒѾ­°ä²¼Á˽¨¸´·¨Ê½ £¬£¬£¬£¬£¬£¬£¬½¨ÒéʵʱװÖÃView Planner 4.6 Security Patch 1¡£¡£¡£¡£¡£

ÏÂÔØÁ´½Ó£º

https://my.vmware.com/web/vmware/downloads/details?downloadGroup=VIEW-PLAN-460&productId=1067&rPId=53394

 

0x03 ²Î¿¼Á´½Ó

https://www.vmware.com/security/advisories/VMSA-2021-0003.html

https://docs.vmware.com/en/VMware-View-Planner/4.6/rn/VMware-View-Planner-46-Release-Notes.html#patch-releases-2

https://cve.mitre.org/cgi-bin/cvename.cgi?name=VE-2021-21978

 

0x04 ¹¦·òÏß

2021-03-02  Vmware°ä²¼°²È«²¼¸æ

2021-03-03  VSRC°ä²¼°²È«¹«¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö³ß¶È¹ÙÍø£ºhttp://www.first.org/cvss/

image.png