CVE-2021-21978 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in VMware View Planner affects v. 4.x prior to 4.6 Security Patch 1.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 seconds
Time Interval
29 days
Scan only one
URL
Toolbox
-
VMware View Planner is a tool used for measuring and optimizing the performance of virtual desktop infrastructure (VDI) environments. It enables administrators to accurately simulate a variety of user workloads and test the performance of VDI environments before they are deployed. With VMware View Planner, they can also detect and troubleshoot performance issues, and evaluate the impact of hardware and software changes on VDI environments. It is a popular tool used by organizations to ensure the smooth functioning of their VDI environments.
CVE-2021-21978 is a serious vulnerability that has been detected in VMware View Planner. The vulnerability arises due to improper input validation and lack of authorization, leading to arbitrary file upload in the logupload web application. An unauthorized attacker with network access to View Planner Harness can upload and execute a specially crafted file, resulting in remote code execution within the logupload container. This vulnerability can be easily exploited by an attacker with minimal effort and can cause significant damage to an organization's VDI environment.
If exploited, CVE-2021-21978 can lead to remote code execution within the logupload container, which can result in an attacker gaining unauthorized access to sensitive information stored in the VDI environment. The attacker can also modify or delete data stored in the environment, and disrupt the normal functioning of the VDI environment. This can lead to significant financial loss, a tarnished reputation, and legal consequences for an organization. It is, therefore, crucial to take necessary precautions to protect against this vulnerability.
Thanks to the pro features of the s4e.io platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. The platform provides real-time vulnerability scans, actionable insights, and customizable reports to help organizations identify and address vulnerabilities in their digital assets. With its user-friendly interface and top-notch security features, s4e.io is the ultimate tool for safeguarding digital assets against cyber threats.
REFERENCES
