Why WAFs can’t catch VMware CVE-2021-21972 Remote Code Execution Exploit?

2021-03-08T20:22:27
ID WALLARMLAB:7A0E7E3752712070F3E75CEF26AC2CC0
Type wallarmlab
Reporter Ivanwallarm
Modified 2021-03-08T20:22:27

Description

The recent critical security issue in VMware vCenter was discovered this January and fixed on February 23rd https://www.vmware.com/security/advisories/VMSA-2021-0002.html. The exploit looks like a simple JSP shell upload, but for some reason, it's a blind spot for Web Application Firewalls (WAFs). Let's understand why. The CVE-2021-21972 affects vCenter versions 6.5, 6.7, and 7.0. The exploit for Metasploit released https://vulners.com/packetstorm/PACKETSTORM:161695 today. [...]

The post Why WAFs can't catch VMware CVE-2021-21972 Remote Code Execution Exploit? appeared first on Wallarm Blog.