⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-02-01.

CVE-2021-21975

CWE-918 — Server-Side Request Forgery (SSRF)10 documents10 sources

Severity

7.5HIGH

EPSS

94.4%

top 0.02%

CISA KEV

KEVRansomware

Added 2022-01-18

Due 2022-02-01

Exploit

Exploited in wild

Active exploitation observed

Affected products

Vmware Cloud Foundation Vmware Vrealize Operations Manager Vmware Vrealize Suite Lifecycle Manager

Timeline

PublishedMar 31

KEV addedJan 18

KEV dueFeb 1

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDvmware/vrealize_operations_manager8 versions+7

▶CVEListV5vmware_vrealize_operationsVMware vRealize Operations prior to 8.4

▶NVDvmware/vrealize_suite_lifecycle_manager4 versions+3

▶NVDvmware/cloud_foundation15 versions+14

🔴Vulnerability Details

GHSA

GHSA-px27-325w-m34c: Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8↗2022-05-24

▶

CVEList

CVE-2021-21975: Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8↗2021-03-31

▶

VulnCheck

VMware Server Side Request Forgery in vRealize Operations Manager API↗2021

▶

💥Exploits & PoCs

Metasploit

VMware vRealize Operations (vROps) Manager SSRF RCE↗

▶

Nuclei

vRealize Operations Manager API - Server-Side Request Forgery

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible vRealize Operations Manager API SSRF Attempt (CVE-2021-21975)↗2022-01-25

▶

📋Vendor Advisories

CISA

VMware Server Side Request Forgery in vRealize Operations Manager API↗2022-01-18

▶

VMware

VMware vRealize Operations updates address Server Side Request Forgery and Arbitrary File Write vulnerabilities (CVE-2021-21975, CVE-2021-21983)↗2021-03-30

▶