PowerShell Script – VMware vCenter CVE-2021-21972 Scan Tool

Posted on by

In this post, I am releasing a PowerShell POC script that will scan the specified target hosts and attempt to detect those that are vulnerable to VMware vCenter CVE-2021-21972.

You can find the script, Invoke-CVE-2021-21972-Scan.ps1, on my github here:
https://github.com/robwillisinfo/VMware_vCenter_CVE-2021-21972

The script executes in the following order:

  • Create a log file, default log name is Invoke-CVE-2021-21972-Scan-output.txt
  • Scan each target host by performing the following:
    • Check the root domain for vSphere/vCenter strings
      • If not found, check the /ui/ (HTML5 UI) directory for vSphere/vCenter strings
        • If not found, no vulnerability scan is performed unless -f/-force parameter is specified
    • If strings are found, make a GET request to /ui/vropspluginui/rest/services/uploadova looking for the following responses:
      • 405 – Server is likely vulnerable
      • 401 – Server is likely patched
      • Other – Server is not vulnerable

Examples

Basic usage:
C:\PS> PowerShell.exe -ExecutionPolicy Bypass .\Invoke-CVE-2021-21972-Scan.ps1 -targetHosts “vcenter.local”,”vcenter.net”

Vulnerable:

Patched:

All options with force scan:
C:\PS> PowerShell.exe -ExecutionPolicy Bypass .\Invoke-CVE-2021-21972-Scan.ps1 -targetHosts “vcenter.local”,”vcenter.net” -outputFile “output.txt” -force

All options with force scan (shorthand version):
C:\PS> PowerShell.exe -ExecutionPolicy Bypass .\Invoke-CVE-2021-21972-Scan.ps1 -t “vcenter.local”,”vcenter.net” -o “output.txt” -f

Comments are closed.