Proof-of-concept Exploit Scripts Available for VMware vCenter Server Vulnerability (CVE-2021-21972)

On February 23, VMware published an advisory for three vulnerabilities, including one critical remote code execution vulnerability in its vCenter Server solution. Identified as CVE-2021-21972, the flaw was discovered and disclosed by Mikhail Klyuchnikov, a security researcher at Positive Technologies. Klyuchnikov has recently been credited with discovering and disclosing some notable vulnerabilities in Citrix (CVE-2019-19781) and F5 BIG-IP (CVE-2020-5902), both of which were later exploited in the wild by threat actors.

For more details about CVE-2021-21972, including the availability of proof-of-concept exploit scripts, patches and Tenable product coverage, please visit our blog.