VMware vCenter SDK API Probe for 2021-10-13
Oct 13, 2021
WebExploit
Last Updated: 12:00 UTC
/sdk is the vCenter Managed Object Browser and SOAP API endpoint. CVE-2021-22005 (file upload RCE via analytics service) and CVE-2021-21985 (vSphere Client plugin RCE) both achieve unauthenticated code execution against the vCenter management plane.
CVE References
MITRE ATT&CK
Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application
Observed URIs
/sdk
Attackers by Country
IP Address : ASN : City/Provider
- 50.31.21.7 : AS32748 steadfast : United States of America