Computer Security Incident Response Team of Mauritius (CERT-MU)

VN-2019-24


Multiple Vulnerabilities in VMware
Severity Rating: High
Systems Affected:
  • VMware vSphere ESXi (ESXi)
  • VMware vCenter Server (vCenter)
Description
Multiple vulnerabilities have been reported in VMware and they can be exploited by remote attackers to cause execution of shell commands on the affected system. The vulnerabilities reported are as follows:
 1. A command injection vulnerability has been identified in VMware ESXi. It is caused by the use of a vulnerable version of busybox, which does not sanitise filenames. As a result, any escape sequence may be executed in the shell. Successful exploitation of the vulnerability can allow remote attackers to trick an ESXi Admin into executing shell commands by providing a malicious file.
 2. An information disclosure vulnerability in clients arising from insufficient session expiration. This issue affects the following:
  • ESXi VMware Host Client (6.7, 6.5, 6.0).
  • vCenter Server vSphere Client (HTML5) (6.7, 6.5).
  • vCenter Server vSphere Web Client (FLEX/Flash) (6.7, 6.5, 6.0).
Successful exploitation of the vulnerability can allow an attacker with physical access to mimic a websocket connection to a user’s browser in order to obtain control of a VM Console after the user has logged out or their session has timed out. 
 3. VMware vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. Successful exploitation of the vulnerability can allow a malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF to view the credentials used to deploy the OVF.
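Item 1 turns on filenames that carry terminal escape sequences. The following is an added example, not part of the advisory and not VMware code: a Python check that lists the members of a tar archive and reports any name containing control characters, printing it only in escaped form. The function names and the sample archive are constructed for illustration.

```python
import io
import tarfile


def _escape(ch):
    """Return a printable \\xNN form for a risky character, else None."""
    cp = ord(ch)
    if 0xDC80 <= cp <= 0xDCFF:
        # Raw non-UTF-8 byte preserved by tarfile's surrogateescape decoding.
        return f"\\x{cp - 0xDC00:02x}"
    if cp < 0x20 or 0x7F <= cp <= 0x9F:
        # C0 controls (includes ESC, 0x1b), DEL, and the C1 range.
        return f"\\x{cp:02x}"
    return None


def has_control_chars(name):
    """True if a terminal could interpret part of this name instead of displaying it."""
    return any(_escape(c) for c in name)


def safe_repr(name):
    """Render a name so that it is safe to print to a terminal."""
    return "".join(_escape(c) or c for c in name)


def audit_archive(data):
    """Return escaped names of archive members whose names contain control characters."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        return [safe_repr(m.name) for m in tar.getmembers() if has_control_chars(m.name)]


def build_sample():
    """Constructed sample archive: one ordinary name, one with an ANSI colour sequence."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("notes.txt", "report\x1b[31m.txt"):
            payload = b"sample"
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    for flagged in audit_archive(build_sample()):
        print("control characters in member name:", flagged)
```

The check only reads the archive index and never extracts members, so it can be run on a workstation before a file is handed to an administrator.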
Solution
Users are advised to apply updates.
More information is available on:
Vendor Information
VMware
 
CVE Information
 
References
 
VMware Security Advisory
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis