CVE-2021-21972

Summary

CVE	CVE-2021-21972
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-02-24 17:15:00 UTC
Updated	2023-08-08 14:21:00 UTC
Description	The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).

Risk And Classification

EPSS: 0.938210000 probability, percentile 0.998610000 (date 2026-04-02)

CISA KEV: Listed on 2021-11-03; due 2021-11-17; ransomware use Known

Problem Types: CWE-22

CISA Known Exploited Vulnerability

Vendor	VMware
Product	vCenter Server
Name	VMware vCenter Server Remote Code Execution Vulnerability
Required Action	Apply updates per vendor instructions.
Notes	https://nvd.nist.gov/vuln/detail/CVE-2021-21972

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Vmware	Cloud Foundation	All	All	All	All
Application	Vmware	Cloud Foundation	All	All	All	All
Application	Vmware	Vcenter Server	6.5	-	All	All
Application	Vmware	Vcenter Server	6.5	a	All	All
Application	Vmware	Vcenter Server	6.5	b	All	All
Application	Vmware	Vcenter Server	6.5	c	All	All
Application	Vmware	Vcenter Server	6.5	d	All	All
Application	Vmware	Vcenter Server	6.5	e	All	All
Application	Vmware	Vcenter Server	6.5	f	All	All
Application	Vmware	Vcenter Server	6.5	u1d	All	All
Application	Vmware	Vcenter Server	6.5	u1e	All	All
Application	Vmware	Vcenter Server	6.5	u1g	All	All
Application	Vmware	Vcenter Server	6.5	u2	All	All
Application	Vmware	Vcenter Server	6.5	u2b	All	All
Application	Vmware	Vcenter Server	6.5	u2c	All	All
Application	Vmware	Vcenter Server	6.5	u2d	All	All
Application	Vmware	Vcenter Server	6.5	u2g	All	All
Application	Vmware	Vcenter Server	6.5	u3	All	All
Application	Vmware	Vcenter Server	6.5	u3d	All	All
Application	Vmware	Vcenter Server	6.5	u3f	All	All
Application	Vmware	Vcenter Server	6.5	u3k	All	All
Application	Vmware	Vcenter Server	6.5	update1d	All	All
Application	Vmware	Vcenter Server	6.5	update1e	All	All
Application	Vmware	Vcenter Server	6.5	update1g	All	All
Application	Vmware	Vcenter Server	6.5	update2	All	All
Application	Vmware	Vcenter Server	6.5	update2b	All	All
Application	Vmware	Vcenter Server	6.5	update2c	All	All
Application	Vmware	Vcenter Server	6.5	update2d	All	All
Application	Vmware	Vcenter Server	6.5	update2g	All	All
Application	Vmware	Vcenter Server	6.5	update3	All	All
Application	Vmware	Vcenter Server	6.5	update3d	All	All
Application	Vmware	Vcenter Server	6.5	update3f	All	All
Application	Vmware	Vcenter Server	6.5	update3k	All	All
Application	Vmware	Vcenter Server	6.7	-	All	All
Application	Vmware	Vcenter Server	6.7	a	All	All
Application	Vmware	Vcenter Server	6.7	b	All	All
Application	Vmware	Vcenter Server	6.7	d	All	All
Application	Vmware	Vcenter Server	6.7	u1	All	All
Application	Vmware	Vcenter Server	6.7	u1b	All	All
Application	Vmware	Vcenter Server	6.7	u2	All	All
Application	Vmware	Vcenter Server	6.7	u2a	All	All
Application	Vmware	Vcenter Server	6.7	u2c	All	All
Application	Vmware	Vcenter Server	6.7	u3	All	All
Application	Vmware	Vcenter Server	6.7	u3a	All	All
Application	Vmware	Vcenter Server	6.7	u3b	All	All
Application	Vmware	Vcenter Server	6.7	u3f	All	All
Application	Vmware	Vcenter Server	6.7	u3g	All	All
Application	Vmware	Vcenter Server	6.7	u3j	All	All
Application	Vmware	Vcenter Server	6.7	update1	All	All
Application	Vmware	Vcenter Server	6.7	update1b	All	All
Application	Vmware	Vcenter Server	6.7	update2	All	All
Application	Vmware	Vcenter Server	6.7	update2a	All	All
Application	Vmware	Vcenter Server	6.7	update2c	All	All
Application	Vmware	Vcenter Server	6.7	update3	All	All
Application	Vmware	Vcenter Server	6.7	update3a	All	All
Application	Vmware	Vcenter Server	6.7	update3b	All	All
Application	Vmware	Vcenter Server	6.7	update3f	All	All
Application	Vmware	Vcenter Server	6.7	update3g	All	All
Application	Vmware	Vcenter Server	6.7	update3j	All	All
Application	Vmware	Vcenter Server	7.0	-	All	All
Application	Vmware	Vcenter Server	7.0	a	All	All
Application	Vmware	Vcenter Server	7.0	b	All	All
Application	Vmware	Vcenter Server	7.0	c	All	All
Application	Vmware	Vcenter Server	7.0	d	All	All
Application	Vmware	Vcenter Server	7.0	u1	All	All
Application	Vmware	Vcenter Server	7.0	u1a	All	All
Application	Vmware	Vcenter Server	7.0	update1	All	All
Application	Vmware	Vcenter Server	7.0	update1a	All	All
Application	Vmware	Vcenter Server	6.5	-	All	All
Application	Vmware	Vcenter Server	6.5	a	All	All
Application	Vmware	Vcenter Server	6.5	b	All	All
Application	Vmware	Vcenter Server	6.5	c	All	All
Application	Vmware	Vcenter Server	6.5	d	All	All
Application	Vmware	Vcenter Server	6.5	e	All	All
Application	Vmware	Vcenter Server	6.5	f	All	All
Application	Vmware	Vcenter Server	6.5	u1d	All	All
Application	Vmware	Vcenter Server	6.5	u1e	All	All
Application	Vmware	Vcenter Server	6.5	u1g	All	All
Application	Vmware	Vcenter Server	6.5	u2	All	All
Application	Vmware	Vcenter Server	6.5	u2b	All	All
Application	Vmware	Vcenter Server	6.5	u2c	All	All
Application	Vmware	Vcenter Server	6.5	u2d	All	All
Application	Vmware	Vcenter Server	6.5	u2g	All	All
Application	Vmware	Vcenter Server	6.5	u3	All	All
Application	Vmware	Vcenter Server	6.5	u3d	All	All
Application	Vmware	Vcenter Server	6.5	u3f	All	All
Application	Vmware	Vcenter Server	6.5	u3k	All	All
Application	Vmware	Vcenter Server	6.7	-	All	All
Application	Vmware	Vcenter Server	6.7	a	All	All
Application	Vmware	Vcenter Server	6.7	b	All	All
Application	Vmware	Vcenter Server	6.7	d	All	All
Application	Vmware	Vcenter Server	6.7	u1	All	All
Application	Vmware	Vcenter Server	6.7	u1b	All	All
Application	Vmware	Vcenter Server	6.7	u2	All	All
Application	Vmware	Vcenter Server	6.7	u2a	All	All
Application	Vmware	Vcenter Server	6.7	u2c	All	All
Application	Vmware	Vcenter Server	6.7	u3	All	All
Application	Vmware	Vcenter Server	6.7	u3a	All	All
Application	Vmware	Vcenter Server	6.7	u3b	All	All
Application	Vmware	Vcenter Server	6.7	u3f	All	All
Application	Vmware	Vcenter Server	6.7	u3g	All	All
Application	Vmware	Vcenter Server	6.7	u3j	All	All
Application	Vmware	Vcenter Server	7.0	-	All	All
Application	Vmware	Vcenter Server	7.0	a	All	All
Application	Vmware	Vcenter Server	7.0	b	All	All
Application	Vmware	Vcenter Server	7.0	c	All	All
Application	Vmware	Vcenter Server	7.0	d	All	All
Application	Vmware	Vcenter Server	7.0	u1	All	All
Application	Vmware	Vcenter Server	7.0	u1a	All	All

References

Reference	Source	Link	Tags
VMware vCenter 6.5 / 6.7 / 7.0 Remote Code Execution ≈ Packet Storm	MISC	packetstormsecurity.com
VMSA-2021-0002	CONFIRM	www.vmware.com	Vendor Advisory
VMware vCenter Server File Upload / Remote Code Execution ≈ Packet Storm	MISC	packetstormsecurity.com
VMware vCenter Server 7.0 Arbitrary File Upload ≈ Packet Storm	MISC	packetstormsecurity.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

216253 VMware vCenter Server 7.0 Update 7.0 U1c Missing (VMSA-2021-0002)
216254 VMware vCenter Server 6.7 Update 6.7 U3l Missing (VMSA-2021-0002)
216255 VMware vCenter Server 6.5 Update 6.5 U3n Missing (VMSA-2021-0002)