Vulnerabilities have been discovered within VMware vCenter and ESXi that allows remote code execution. VMware vCenter Server provides a centralized platform for managing your VMware vSphere environments so you can automate and deliver a virtual infrastructure. VMware ESXi Server is computer virtualization software and can be used to facilitate centralized management for enterprise desktops and data center applications. Successful exploitation could result in system level access to virtual machine host servers, and result in a full compromise of the environment. An attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
- VMware vCenter Server 6.0 Any
- VMware vCenter Server 5.5 Any
- VMware vCenter Server 5.1 Any
- VMware vCenter Server 5.0 Any
- VMware ESXi 5.5 without patch ESXi550-201509101
- VMware ESXi 5.1 without patch ESXi510-201510101
- VMware ESXi 5.0 without patch ESXi500-201510101
Vulnerabilities have been discovered within VMware vCenter and ESXi that allows remote code execution. The vulnerabilities as follows:
- An improperly configured Java Management Extensions (JMX) service that can be manipulated remotely without authentication. The JMX service allows users to call the 'javax.management.loading.MLet' function, which permits the loading of an MBean [managed Java bean] from a remote URL. [CVE-2015-2342]
- Does not properly sanitize long heartbeat messages. Exploitation of this issue may allow an unauthenticated attacker to create a denial-of-service condition in the vpxd service. [CVE-2015-1047]
*NOTE: VMware vCenter Server 6.0 is NOT AFFECTED by CVE-2015-1047
- VMware ESXi contains a double free flaw in OpenSLP's SLPDProcessMessage() function. [CVE-2015-5177]
There is a known issue affecting VMware ESXi 5.5 Update 3. This has a nasty bug that crashes guest virtual machines if you delete a snapshot. Currently, there is no resolution. To work around this issue please visit: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2133118
Successful exploitation could result in system level access to virtual machine host servers, and result in a full compromise of the environment. An attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
- Apply appropriate patches provided by VMware to vulnerable systems immediately after appropriate testing.
- Remind users not to visit websites or follow links provided by unknown or untrusted sources.
- If no updates and patches are available, monitor or contact your vendors for availability.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.