VMware vCenter Server is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the affected application.
Information
VMWare vCenter Server 5.5 update1
VMWare vCenter Server 5.5 Update 2
VMWare vCenter Server 5.5
VMWare vCenter Server 5.1
VMWare vCenter Server 5.0 update2
VMWare vCenter Server 5.0 Update 1
VMWare vCenter Server 5.0
VMWare vCenter Server 6.0 Update 1
VMWare vCenter Server 5.5 Update 3
VMWare vCenter Server 5.5 U3d
VMWare vCenter Server 5.5 u3
VMWare vCenter Server 5.1 Update u3b
VMWare vCenter Server 5.1 U3d
VMWare vCenter Server 5.1 U3b
VMWare vCenter Server 5.0 Update u3e
VMWare vCenter Server 5.0 U3e
Exploit
The following exploit code is available:
References:
- Exploiting JMX RMI (Accuvant)
- VMware Homepage (VMware)
- VMSA-2015-0007.7: VMware vCenter and ESXi updates address critical security iss (VMware)
- CVE-2015-2342 VMware vCenter Remote Code Execution (7elements)
- VMware vCenter and ESXi updates address critical security issues. (VMWare)
- VMware vCenter Server JMX RMI Remote Code Execution Vulnerability (HP)