## https://sploitus.com/exploit?id=SAINT:DD019FAE583C9C6BA47143E1F5A5B1F3
Added: 02/25/2021
### Background
[VMware VCenter Server](<https://www.vmware.com/products/vcenter-server.html>) is server management software for controlling VMware VSphere environments.
### Problem
A vulnerability in VMware VCenter Server allows remote, unauthenticated attackers to upload files to arbitrary locations on the server, leading to command execution.
### Resolution
Apply the fix referenced in [VMSA-2021-0002](<https://www.vmware.com/security/advisories/VMSA-2021-0002.html>).
### References
<https://www.vmware.com/security/advisories/VMSA-2021-0002.html>
### Limitations
Exploit works against Linux targets. The exploit attempts to upload /home/vsphere-ui/.ssh/authorized_keys to the target. This file should be manually removed after successful exploitation.
The exploit may fail if the vsphere-ui user's password has expired.
### Platforms
Linux