VMware vCenter Server Products Multiple Vulnerabilities

Last Update Date: 29 Apr 2013 18:29 Release Date: 29 Apr 2013 4242 Views

RISK: High Risk

High Risk

TYPE: Operating Systems - VM Ware

TYPE: VM Ware

Multiple vulnerabilities have been identified in VMware vCenter Server products, which can be exploited by attacker to bypass certain security restrictions, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

  1. The authentication mechanism when using Active Directory (AD) with anonymous LDAP binding does not properly verify login credentials. This can be exploited to bypass authentication and login as an arbitrary user by providing a valid user name and a blank password.
  2. An error within the Virtual Appliance Management Interface (VAMI) can be exploited to execute existing files as root. 
  3. An error within the Virtual Appliance Management Interface (VAMI) can be exploited to upload malicious files to an arbitrary location.
  4. The application bundled a vulnerable version of Java.

Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • VMware vCenter Server 5.x
  • VMware vCenter Server Appliance 5.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 5.1 Update 1.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Citrix NetScaler / Access Gateway Security Bypass Vulnerability

29 Apr 2013 4288 Views

Next

Cisco IOS XR Deny Service Vulnerability

30 Apr 2013 4204 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY