VMware vRealize Business for Cloud Remote Code Execution Vulnerability (CVE-2021-21984)

Published: 2021-05-06

0x00 Vulnerability Overview

CVE ID: CVE-2021-21984

Date: 2021-05-06

Type: RCE (remote code execution)

Severity: Critical

Remotely exploitable: Yes

Affected scope: VMware vRealize Business for Cloud (see 0x01)

PoC/EXP: Not public

Exploited in the wild: No

 

0x01 Vulnerability Details

vRealize Business for Cloud is an automated cloud business management solution that gives IT teams cloud planning, budgeting and cost-analysis tooling.

On May 5, 2021, VMware published a security advisory (VMSA-2021-0007) addressing a remote code execution vulnerability (CVE-2021-21984) in VMware vRealize Business for Cloud. The vulnerability carries a CVSSv3 base score of 9.8.

The root cause is an unauthenticated endpoint exposed by the appliance's management interface (VAMI). An attacker with network access to that interface can reach the VAMI upgrade API without authenticating, gain access to the vRealize Business for Cloud virtual appliance and execute arbitrary commands on it. No credentials and no user interaction are required, which is why the vulnerability is rated critical.

Affected scope

VMware vRealize Business for Cloud 7.x, including 7.6.0 without the security patch described in 0x02 (the vendor advisory lists all 7.x releases as affected)
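Because no public PoC is available, the practical defensive step is to look for access to the VAMI upgrade API that arrives without a logged user and from outside the expected management network. The script below is an added example, not code from the advisory or from VMware: it triages constructed web-server access-log lines in combined log format. The path pattern `/vami/...upgrade`, the admin allowlist `10.0.0.0/24` and the sample log lines are all assumptions for illustration; substitute the real appliance paths and your own management subnet.

```python
# Added example (not from the advisory or VMware): triage constructed access-log
# lines for successful, unauthenticated calls to a VAMI upgrade endpoint
# from hosts outside the management network.
import re
from ipaddress import ip_address, ip_network

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumption: management hosts permitted to reach the VAMI.
ADMIN_NETS = [ip_network("10.0.0.0/24")]
# Assumption: path pattern for the VAMI upgrade API (illustrative, not the real route).
UPGRADE_PATH = re.compile(r"^/vami/.*upgrade", re.IGNORECASE)


def parse_line(line):
    """Parse one combined-format log line; return None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_suspicious(rec):
    """True for a 2xx upgrade-API call with no logged user from a non-admin source."""
    if not UPGRADE_PATH.search(rec["path"]):
        return False
    unauthenticated = rec["user"] == "-"
    src = ip_address(rec["ip"])
    from_admin = any(src in net for net in ADMIN_NETS)
    return unauthenticated and not from_admin and 200 <= rec["status"] < 300


def triage(lines):
    """Return (ip, method, path, status) for every suspicious request in the input."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_suspicious(rec):
            hits.append((rec["ip"], rec["method"], rec["path"], rec["status"]))
    return hits


# Constructed sample log lines (not real appliance logs).
SAMPLE_LOG = [
    '10.0.0.5 - admin [05/May/2021:10:01:02 +0000] "GET /vami/upgrade/status HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/May/2021:10:02:15 +0000] "POST /vami/upgrade HTTP/1.1" 200 88',
    '203.0.113.7 - - [05/May/2021:10:02:20 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.9 - - [05/May/2021:10:03:00 +0000] "POST /vami/upgrade HTTP/1.1" 401 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print("suspicious:", hit)
```

Only the second line is flagged: it hits the upgrade path, carries no authenticated user, comes from outside the allowlist, and succeeded. The 401 from 198.51.100.9 is a rejected attempt and the admin's status call is expected traffic, so neither is reported; tune the allowlist and path pattern to the deployment rather than relying on the illustrative values.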

 

0x02 Remediation

The vulnerability has been fixed. Download and apply the vRealize Business for Cloud 7.6 security patch ISO as soon as possible. Until the patch is applied, restrict network access to the appliance's management interface (VAMI) to trusted administration hosts, and check access logs for unexpected requests to the upgrade API.

Download link:

https://kb.vmware.com/s/article/83475

 

0x03 References

https://www.vmware.com/security/advisories/VMSA-2021-0007.html

https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-rce-bug-in-vrealize-business-for-cloud/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21984

 

 

0x04 Timeline

2021-05-05  VMware publishes security advisory VMSA-2021-0007

2021-05-06  VSRC publishes this security bulletin

 

0x05 Appendix

CVSS scoring standard (official site): http://www.first.org/cvss/
