Share
## https://sploitus.com/exploit?id=SAINT:DD019FAE583C9C6BA47143E1F5A5B1F3
Added: 02/25/2021  


### Background

[VMware VCenter Server](<https://www.vmware.com/products/vcenter-server.html>) is server management software for controlling VMware VSphere environments. 

### Problem

A vulnerability in VMware VCenter Server allows remote, unauthenticated attackers to upload files to arbitrary locations on the server, leading to command execution. 

### Resolution

Apply the fix referenced in [VMSA-2021-0002](<https://www.vmware.com/security/advisories/VMSA-2021-0002.html>). 

### References

<https://www.vmware.com/security/advisories/VMSA-2021-0002.html>  


### Limitations

Exploit works against Linux targets. The exploit attempts to upload /home/vsphere-ui/.ssh/authorized_keys to the target. This file should be manually removed after successful exploitation. 

The exploit may fail if the vsphere-ui user's password has expired. 

### Platforms

Linux