VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21985)

Published 2021-05-26

0x00 Vulnerability Overview

CVE ID             CVE-2021-21985

Date               2021-05-26

Type               RCE

Severity           Critical

Remotely exploitable   Yes

Affected scope     vCenter Server 6.5 / 6.7 / 7.0; Cloud Foundation (vCenter Server) 3.x / 4.x

PoC/EXP            Not public

Exploited in the wild   No


0x01 Vulnerability Details


 

vCenter Server is VMware's server management solution. It lets IT administrators manage the virtual machines and virtualized hosts of an enterprise environment from a single console.

On May 25, 2021, VMware released security updates for vCenter Server that fix a remote code execution vulnerability in the vSphere Client (CVE-2021-21985) and an authentication vulnerability (CVE-2021-21986). Their CVSSv3 base scores are 9.8 and 6.5 respectively.

vCenter Server Remote Code Execution Vulnerability (CVE-2021-21985)

The vulnerability is in the vSphere Client (HTML5). The Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, lacks input validation; an attacker with network access to port 443 of vCenter Server can exploit it to execute arbitrary commands with unrestricted privileges on the operating system that hosts vCenter Server.

Note that the Virtual SAN Health Check plug-in is enabled by default on every vCenter Server, so any unauthenticated attacker who can reach vCenter Server over the network can exploit this vulnerability, whether or not vSAN is actually in use. No user interaction is required. Because the vulnerable component is the plug-in shipped inside vCenter Server rather than the vSAN service itself, an environment that has never deployed vSAN is still exposed until it is patched or the plug-in is disabled.

 

vCenter Server Authentication Vulnerability (CVE-2021-21986)

The vulnerability is in the vSphere authentication mechanism of the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins of the vSphere Client (HTML5). An attacker with network access to port 443 of vCenter Server can exploit it to perform the actions permitted by the affected plug-ins without authenticating.

 

Affected versions

vCenter Server 7.0

vCenter Server 6.7

vCenter Server 6.5

Cloud Foundation (vCenter Server) 4.x

Cloud Foundation (vCenter Server) 3.x

 

0x02 Remediation

VMware has fixed these vulnerabilities. Upgrade to one of the following fixed versions as soon as possible, or apply the workaround (disabling the affected plug-ins) in the meantime:

vCenter Server 7.0 U2b

vCenter Server 6.7 U3n

vCenter Server 6.5 U3p

Cloud Foundation (vCenter Server) 4.2.1

Cloud Foundation (vCenter Server) 3.10.2.1
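Where upgrading cannot happen immediately, VMware's workaround in KB 83829 is to mark the affected vSphere Client plug-ins as incompatible in /etc/vmware/vsphere-ui/compatibility-matrix.xml on the vCenter Server appliance and then restart the vsphere-ui service. The script below is an added example, not code from VMware or from the original advisory: it applies that edit to a constructed sample of the file and reports which of the plug-ins named in this advisory are still enabled, which also answers the "is vSAN Health Check still on?" question raised above. The element layout (a `<Matrix>` root with a `<pluginsCompatibility>` block of `<PluginPackage>` entries) and the four plug-in package IDs are my assumptions of what the KB documents; confirm both against the KB before running this on a real appliance.

```python
"""Apply and verify the KB 83829 plug-in workaround for VMSA-2021-0010.

Added example (not VMware's code). Edits a compatibility-matrix.xml so the
affected vSphere Client plug-ins are marked status="incompatible", which
stops the vSphere UI from loading them.
"""
import sys
from xml.etree import ElementTree as ET

# Plug-in package IDs for the four plug-ins named in the advisory.
# ASSUMPTION: these are the IDs I expect KB 83829 to list; verify before use.
AFFECTED_PLUGINS = (
    "com.vmware.vsphere.client.h5vsan",  # Virtual SAN Health Check
    "com.vmware.vcDR",                   # Site Recovery
    "com.vmware.vsphere.lcm",            # vSphere Lifecycle Manager
    "com.vmware.h4.vsphere.client",      # VMware Cloud Director Availability
)

# Constructed sample of compatibility-matrix.xml (element layout assumed).
SAMPLE_MATRIX = """<?xml version="1.0" encoding="UTF-8"?>
<Matrix>
  <pluginsCompatibility>
    <!-- existing entries are preserved -->
    <PluginPackage id="com.example.legacy" status="incompatible"/>
  </pluginsCompatibility>
</Matrix>
"""

XML_DECL = '<?xml version="1.0" encoding="UTF-8"?>\n'


def _parse(xml_text: str) -> ET.Element:
    # Keep XML comments so the rewritten file still carries VMware's own notes.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    return ET.fromstring(xml_text, parser=parser)


def disabled_plugins(xml_text: str) -> set[str]:
    """IDs of every PluginPackage currently marked incompatible."""
    return {
        pkg.get("id")
        for pkg in _parse(xml_text).iter("PluginPackage")
        if pkg.get("status") == "incompatible" and pkg.get("id")
    }


def missing_plugins(xml_text: str, plugin_ids=AFFECTED_PLUGINS) -> list[str]:
    """Affected plug-ins that are NOT yet disabled (empty list == workaround applied)."""
    disabled = disabled_plugins(xml_text)
    return [pid for pid in plugin_ids if pid not in disabled]


def apply_workaround(xml_text: str, plugin_ids=AFFECTED_PLUGINS) -> str:
    """Return the matrix with every affected plug-in marked incompatible (idempotent)."""
    root = _parse(xml_text)
    compat = root.find("pluginsCompatibility")
    if compat is None:
        raise ValueError("no <pluginsCompatibility> element: not a compatibility matrix")
    present = {pkg.get("id"): pkg for pkg in compat.findall("PluginPackage")}
    for pid in plugin_ids:
        pkg = present.get(pid)
        if pkg is None:  # add a fresh entry; otherwise just flip the status
            pkg = ET.SubElement(compat, "PluginPackage", id=pid)
        pkg.set("status", "incompatible")
    ET.indent(root, space="  ")
    return XML_DECL + ET.tostring(root, encoding="unicode") + "\n"


def main(argv: list[str]) -> int:
    """usage: script.py [--check] /etc/vmware/vsphere-ui/compatibility-matrix.xml"""
    check_only = "--check" in argv
    paths = [a for a in argv if not a.startswith("--")]
    if not paths:
        print(main.__doc__)
        return 2
    with open(paths[0], encoding="utf-8") as fh:
        text = fh.read()
    still_on = missing_plugins(text)
    if check_only:
        print("still enabled:", still_on or "none (workaround applied)")
        return 1 if still_on else 0
    with open(paths[0], "w", encoding="utf-8") as fh:
        fh.write(apply_workaround(text))
    print("disabled:", list(AFFECTED_PLUGINS), "- now run: vmon-cli -r vsphere-ui")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with `--check` to audit an appliance (exit status 1 means at least one affected plug-in is still loadable), or without it to rewrite the file in place; the KB's final step of restarting the UI with `vmon-cli -r vsphere-ui` is left to the operator because the script itself never touches services. Back up the original file first, and remove the entries again after upgrading to a fixed version so the plug-ins return.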

 

Download link:

https://www.vmware.com/security/advisories/VMSA-2021-0010.html

 

0x03 References

https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u2b-release-notes.html

https://kb.vmware.com/s/article/83829

https://core.vmware.com/resource/vmsa-2021-0010-faq

https://www.bleepingcomputer.com/news/security/vmware-warns-of-critical-bug-affecting-all-vcenter-server-installs/

 

0x04 Timeline

2021-05-25  VMware publishes security advisory VMSA-2021-0010

2021-05-26  VSRC publishes this security bulletin

 

0x05 Appendix

CVSS scoring standard (official site): http://www.first.org/cvss/
