VMware vCenter CVE-2021-21972 Related tools
This script will scan the specified target hosts and attempt to detect those that are vulnerable to VMware vCenter CVE-2021-21972.
The script will execute in the following order:
- Create a log file, default log name is Invoke-CVE-2021-21972-Scan-output.txt
- Scan each target host by performing the following:
- Check the root domain for vSphere/vCenter strings
- If not found, check the /ui/ (HTML5 UI) directory for vSphere/vCenter strings
- If not found, no vulnerability scan is performed unless -f/-force parameter is specified
- If not found, check the /ui/ (HTML5 UI) directory for vSphere/vCenter strings
- If strings are found, make a GET request to /ui/vropspluginui/rest/services/uploadova looking for the
following responses:
- 405 - Server is likely vulnerable
- 401 - Server is likely patched
- Other - Server is not vulnerable
- Check the root domain for vSphere/vCenter strings
Basic usage: C:\PS> PowerShell.exe -ExecutionPolicy Bypass .\Invoke-CVE-2021-21972-Scan.ps1 -targetHosts "vcenter.local","vcenter.net"
All options with force scan: C:\PS> PowerShell.exe -ExecutionPolicy Bypass .\Invoke-CVE-2021-21972-Scan.ps1 -targetHosts "vcenter.local","vcenter.net" -outputFile "output.txt" -force
All options with force scan (shorthand version): C:\PS> PowerShell.exe -ExecutionPolicy Bypass .\Invoke-CVE-2021-21972-Scan.ps1 -t "vcenter.local","vcenter.net" -o "output.txt" -f
Blog post: https://robwillis.info/2021/02/vmware-vcenter-cve-2021-21972-scan-tool/