[Vulnerability Advisory] VMware Unauthorized Access Vulnerability (CVE-2021-22002)

Published: 2021-08-06

0x00 Vulnerability Overview

CVE ID: CVE-2021-22002

Date: 2021-08-05

Type: Unauthorized access

Severity: High

Remotely exploitable: Yes

Affected products: VMware Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Automation (vIDM), VMware Cloud Foundation (vIDM), vRealize Suite Lifecycle Manager (vIDM)

Attack complexity: Low

Availability: Low

User interaction: None

Privileges required: None

PoC/EXP: Not public

Exploited in the wild: No

 

0x01 Vulnerability Details


On August 5, 2021, VMware released security updates fixing two vulnerabilities (CVE-2021-22002 and CVE-2021-22003) that span several of its products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation and vRealize Suite Lifecycle Manager. Details follow.

VMware Unauthorized Access Vulnerability (CVE-2021-22002)

VMware Workspace ONE Access and Identity Manager contain an unauthorized access vulnerability. A malicious actor with network access to port 443 can tamper with the HTTP Host header so that the request is served by the /cfg web application and diagnostic endpoints that are meant to be reachable only on port 8443, and can do so without authentication. The vulnerability has a CVSSv3 base score of 8.6 (High).

 

VMware Information Disclosure Vulnerability (CVE-2021-22003)

VMware Workspace ONE Access and Identity Manager unintentionally expose a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute-force attacks against that login endpoint. Because of the account lockout configuration and password complexity requirements, exploitation is unlikely; the vulnerability has a CVSSv3 base score of 3.7 (Low).
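The two request patterns described above (a /cfg request reaching the appliance through port 443 or with a foreign Host header, and a burst of failed logins against the port-7443 login endpoint) can be checked for in web access logs. The following is an added example written for this advisory, not code from VMware or from the advisory's author: it runs both heuristics over constructed log lines. The log format, the hostname access.example.com, the login path /login, the Host value "localhost:8443" in the sample and the thresholds are all assumptions made for the example.

```python
"""Added example (not VMware's code): detect the CVE-2021-22002 and CVE-2021-22003
request patterns from the advisory in constructed access-log lines."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Assumed log format (one line per request; not a VMware log format):
# <src> - - [<timestamp>] "<method> <path> HTTP/x.y" <status> <bytes> "<Host header>" <listening port>
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+ '
    r'"(?P<host>[^"]*)" (?P<port>\d+)$'
)
EXPECTED_HOSTS = {"access.example.com"}  # assumed external name of the appliance
LOGIN_PATH = "/login"                     # assumed path of the port-7443 login endpoint
BRUTE_FORCE_THRESHOLD = 5                 # failed logins from one source ...
BRUTE_FORCE_WINDOW_SECONDS = 60           # ... within this many seconds


@dataclass
class Request:
    src: str
    ts: datetime
    method: str
    path: str
    status: int
    host: str
    port: int


def parse_line(line: str) -> Optional[Request]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return Request(
        src=m["src"],
        ts=datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        method=m["method"],
        path=m["path"],
        status=int(m["status"]),
        host=m["host"],
        port=int(m["port"]),
    )


def parse_log(text: str) -> list:
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def find_cfg_host_tampering(requests: list) -> list:
    """CVE-2021-22002 pattern: a /cfg request that arrived on port 443 or whose
    Host header is not the appliance's own name (legitimate /cfg traffic is
    expected only on 8443 with the appliance's own hostname)."""
    hits = []
    for r in requests:
        if not r.path.startswith("/cfg"):
            continue
        host_only = r.host.split(":")[0]
        if r.port == 443 or host_only not in EXPECTED_HOSTS:
            hits.append(r)
    return hits


def find_login_brute_force(requests: list) -> dict:
    """CVE-2021-22003 pattern: sources with >= BRUTE_FORCE_THRESHOLD failed logins
    (401/403) on port 7443 inside any window of BRUTE_FORCE_WINDOW_SECONDS.
    Returns {source: peak failures in one window}."""
    failures = defaultdict(list)
    for r in requests:
        if r.port == 7443 and r.path == LOGIN_PATH and r.status in (401, 403):
            failures[r.src].append(r.ts)
    flagged = {}
    for src, times in failures.items():
        window: deque = deque()  # sliding window over sorted timestamps
        peak = 0
        for t in sorted(times):
            window.append(t)
            while (t - window[0]).total_seconds() > BRUTE_FORCE_WINDOW_SECONDS:
                window.popleft()
            peak = max(peak, len(window))
        if peak >= BRUTE_FORCE_THRESHOLD:
            flagged[src] = peak
    return flagged


# Constructed sample log (not real traffic). "localhost:8443" on the second line is
# an illustrative foreign Host header for the example, not a documented payload.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Aug/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "access.example.com" 443
203.0.113.10 - - [05/Aug/2021:10:00:05 +0000] "GET /cfg/ HTTP/1.1" 200 2048 "localhost:8443" 443
198.51.100.7 - - [05/Aug/2021:10:01:00 +0000] "GET /cfg/ HTTP/1.1" 200 2048 "access.example.com:8443" 8443
198.51.100.7 - - [05/Aug/2021:10:02:00 +0000] "POST /login HTTP/1.1" 401 128 "access.example.com:7443" 7443
198.51.100.7 - - [05/Aug/2021:10:02:05 +0000] "POST /login HTTP/1.1" 401 128 "access.example.com:7443" 7443
198.51.100.7 - - [05/Aug/2021:10:02:10 +0000] "POST /login HTTP/1.1" 401 128 "access.example.com:7443" 7443
198.51.100.7 - - [05/Aug/2021:10:02:15 +0000] "POST /login HTTP/1.1" 401 128 "access.example.com:7443" 7443
198.51.100.7 - - [05/Aug/2021:10:02:20 +0000] "POST /login HTTP/1.1" 401 128 "access.example.com:7443" 7443
192.0.2.5 - - [05/Aug/2021:11:00:00 +0000] "POST /login HTTP/1.1" 401 128 "access.example.com:7443" 7443
192.0.2.5 - - [05/Aug/2021:11:30:00 +0000] "POST /login HTTP/1.1" 401 128 "access.example.com:7443" 7443
"""

if __name__ == "__main__":
    reqs = parse_log(SAMPLE_LOG)
    for hit in find_cfg_host_tampering(reqs):
        print(f"/cfg reached via port {hit.port} with Host {hit.host!r} from {hit.src}")
    for src, n in find_login_brute_force(reqs).items():
        print(f"{n} failed logins on 7443 within {BRUTE_FORCE_WINDOW_SECONDS}s from {src}")
```

On the sample, only the second line is reported for the /cfg heuristic (the 8443 request with the appliance's own hostname is legitimate administration), and only 198.51.100.7 is reported as a brute-force source; the two failures from 192.0.2.5 half an hour apart stay below the window threshold. In a real deployment the expected hostname set and the login path must be taken from the appliance's actual configuration, and the 7443 heuristic should be tuned against the lockout policy the advisory cites as the mitigating control.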

 

0x02 Remediation Recommendations

Fixes for these vulnerabilities are available. Consult the table below and upgrade as soon as possible:

Product                                  | Affected versions            | CVE ID                          | Patch
VMware Workspace ONE Access (Access)     | 20.10.01, 20.10              | CVE-2021-22002, CVE-2021-22003  | https://kb.vmware.com/s/article/85254
VMware Identity Manager (vIDM)           | 3.3.5, 3.3.4, 3.3.3, 3.3.2   | CVE-2021-22002, CVE-2021-22003  | https://kb.vmware.com/s/article/85254
vRealize Automation                      | 8.x                          | CVE-2021-22002, CVE-2021-22003  | Not affected
vRealize Automation (vIDM)               | 7.6                          | CVE-2021-22002                  | Patch pending: https://kb.vmware.com/s/article/85255
vRealize Automation (vIDM)               | 7.6                          | CVE-2021-22003                  | Not affected
VMware Cloud Foundation (vIDM)           | 4.x                          | CVE-2021-22002, CVE-2021-22003  | https://kb.vmware.com/s/article/85254
vRealize Suite Lifecycle Manager (vIDM)  | 8.x                          | CVE-2021-22002, CVE-2021-22003  | https://kb.vmware.com/s/article/85254

 

Advisory and patch download information:

https://www.vmware.com/security/advisories/VMSA-2021-0016.html

 

0x03 References

https://www.vmware.com/security/advisories/VMSA-2021-0016.html

https://kb.vmware.com/s/article/85254

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22002

 

0x04 Revision History

Version | Date       | Changes
V1.0    | 2021-08-06 | Initial release

 

0x05 Appendix

CNVD: www.cnvd.org.cn

CNNVD: www.cnnvd.org.cn

CVE: cve.mitre.org

NVD: nvd.nist.gov

CVSS: www.first.org

 

0x06 About GA黄金甲

Follow the official account for more information.