Exploit for Deserialization of Untrusted Data in Xstream Project Xstream exploit

Source: https://sploitus.com/exploit?id=EAE84183-EEEC-5C93-AB4F-725AD31987F9

# CVE-2021-39144-XSTREAM-RCE

[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Fb3wT%2FCVE-2021-39144-XSTREAM-RCE&count_bg=%2379C83D&title_bg=%23555555&icon=&icon_color=%23E7E7E7&title=vm-xstream&edge_flat=false)](https://hits.seeyoufarm.com)

VMware Cloud Foundation remote code execution vulnerability via XStream (CVE-2021-39144)

# Description

- VMware Cloud Foundation contains an unauthenticated remote code execution vulnerability via the XStream open source library.
- VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

# usage:

```
[ASCII art banner]
coded by b3w7

usage: vm-xstream.py [-h] [-u URL] [-f FILE] [-c CMD]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Target URL; Example:http://ip:port
  -f FILE, --file FILE  Url File; Example:url.txt
  -c CMD, --cmd CMD     Commands to be executed(whoami as default)
```

# disclaimer:

the author doesn't have any responsibility for misuse of the tool

made for educational purpose only

# links:

- [official advisory](https://www.vmware.com/security/advisories/VMSA-2022-0027.html)
- [blog post (credits go here)](https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html)

# someone said coffee?

- [here you can buy me one/more](https://www.buymeacoffee.com/b3wt)
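The root cause named in the description is XStream deserializing attacker-controlled XML into whatever classes the document names. The following is an added example (it is not code from the b3wT repository or from VMware) of the library-level mitigation: an XStream instance configured with an explicit type allowlist, so that a document naming any class outside that list is rejected with `ForbiddenClassException` before the class is instantiated. It assumes `com.thoughtworks.xstream:xstream` 1.4.x on the classpath; the `Greeting` class, the `greeting` alias and both XML samples are constructed for the demonstration.

```java
// Added example, not part of the exploit repository: hardening an XStream
// instance with an explicit allowlist so untrusted XML cannot name arbitrary
// classes. Greeting, the alias and the XML inputs are constructed placeholders.
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistDemo {

    // The one data type this application legitimately expects to receive.
    public static class Greeting {
        public String message;
    }

    public static XStream hardenedXStream() {
        XStream xstream = new XStream();
        // Start from "deny every type", then re-add only what the application needs.
        // Making this explicit keeps the policy independent of the library default.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypes(new Class[] { String.class, Greeting.class });
        // Map the element name so callers never need (or get to choose) a class name.
        xstream.alias("greeting", Greeting.class);
        return xstream;
    }

    public static void main(String[] args) {
        XStream xstream = hardenedXStream();

        // Expected, allowlisted input (constructed sample).
        String good = "<greeting><message>hello</message></greeting>";
        Greeting g = (Greeting) xstream.fromXML(good);
        System.out.println("Deserialized: " + g.message);

        // Input naming a type outside the allowlist (constructed sample).
        // java.util.HashMap is harmless; it stands in for any class a hostile
        // document might name, which is exactly what the allowlist must stop.
        String bad = "<java.util.HashMap/>";
        try {
            xstream.fromXML(bad);
            System.out.println("UNEXPECTED: disallowed type was accepted");
        } catch (ForbiddenClassException e) {
            // The mitigation working: XStream refuses the type before creating it.
            // In a service this is the point to log the event and reject the request.
            System.out.println("Rejected disallowed type: " + e.getMessage());
        }
    }
}
```

The practical checks for a defender are the two cases in `main`: allowlisted input round-trips, and an element naming any other class fails closed. Because a hardened instance rejects on type resolution rather than on a known-bad list, it also covers gadget classes that no denylist has caught up with yet; the remaining exposure is limited to the classes you explicitly allow, so keep that list to plain data types.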