CVE-2021-21972: VMware vCenter Server RCE

Q: Can VMware vCenter be compromised remotely?

Yes, CVE-2021-21972 allows unauthenticated RCE on VMware vCenter via file upload. Over 6,700 servers were exposed, leading to mass exploitation by ransomware groups.

CRITICAL

9.8CRITICAL

Published: 2021-02-23Affected: VMware vCenter Server 6.5, 6.7, 7.0CWE-22 ↗

Can VMware vCenter be compromised remotely?

An unauthenticated file upload vulnerability in the vSphere Client (HTML5). Attackers can upload a specially crafted file to the vCenter Server, leading to remote code execution with unrestricted privileges.

Impact & Exploitation

Over 6,700 vCenter servers exposed on the internet. Mass exploitation by ransomware groups and APTs. Full compromise of enterprise virtualization infrastructure.

How Precogs AI Detects VMware vCenter Server RCE

Precogs AI detects file upload vulnerabilities in compiled web applications and identifies vCenter-style arbitrary file write patterns during Binary DAST testing.

Scan for CVE-2021-21972

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

CVE-2021-21972: VMware vCenter Server RCE

Can VMware vCenter be compromised remotely?

Impact & Exploitation

How Precogs AI Detects VMware vCenter Server RCE

Precogs Research

Base Score

Tags

Quick Links

Is your system affected?

Can VMware vCenter be compromised remotely?

Impact & Exploitation

How Precogs AI Detects VMware vCenter Server RCE

Related Resources

🔍 Related CWE Entries

📖 Security Guides

🛡️ Notable Vulnerabilities

🔗 External References

Precogs Research

Base Score

Tags

Quick Links

Is your system affected?