VMware vCenter SDK API Probe for 2021-08-06
Aug 06, 2021
WebExploit
Last Updated: 12:00 UTC
/sdk is the vCenter Managed Object Browser and SOAP API endpoint. CVE-2021-22005 (file upload RCE via analytics service) and CVE-2021-21985 (vSphere Client plugin RCE) both achieve unauthenticated code execution against the vCenter management plane.
CVE References
MITRE ATT&CK
Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application
Observed URIs
/sdk
Attackers by Country
IP Address : ASN : City/Provider
- 186.113.45.106 : AS3816 colombia telecomunicaciones s.a. esp : Tuluá