VMware vCenter Server CVE-2015-2342 Remote Code Execution Vulnerability

VMware vCenter Server is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application.

Information

Bugtraq ID: 76930
Class: Design Error
CVE: CVE-2015-2342

Remote: Yes
Local: No
Published: Oct 01 2015 12:00AM
Updated: Aug 10 2018 10:00AM
Credit: Doug McLeod of 7 Elements Ltd and an anonymous researcher working through HP's Zero Day Initiative.
Vulnerable: VMWare vCenter Server 6.0
VMWare vCenter Server 5.5 update1
VMWare vCenter Server 5.5 Update 2
VMWare vCenter Server 5.5
VMWare vCenter Server 5.1
VMWare vCenter Server 5.0 update2
VMWare vCenter Server 5.0 Update 1
VMWare vCenter Server 5.0

Not Vulnerable: VMWare vCenter Server 6.0.0b
VMWare vCenter Server 6.0 Update 1
VMWare vCenter Server 5.5 Update 3
VMWare vCenter Server 5.5 U3d
VMWare vCenter Server 5.5 u3
VMWare vCenter Server 5.1 Update u3b
VMWare vCenter Server 5.1 U3d
VMWare vCenter Server 5.1 U3b
VMWare vCenter Server 5.0 Update u3e
VMWare vCenter Server 5.0 U3e

Exploit

The following exploit code is available:

• /data/vulnerabilities/exploits/76930.rb
• /data/vulnerabilities/exploits/76930.rb

References:

• Exploiting JMX RMI (Accuvant)
  
• VMware Homepage (VMware)
  
• VMSA-2015-0007.7: VMware vCenter and ESXi updates address critical security iss (VMware)
  
• CVE-2015-2342 VMware vCenter Remote Code Execution (7elements)
  
• VMware vCenter and ESXi updates address critical security issues. (VMWare)
  
• VMware vCenter Server JMX RMI Remote Code Execution Vulnerability (HP)
  

Source: www.securityfocus.com