Critical remote code execution bug found in VMware vCenter

By

Patches available for no-authentication vulnerability with proof-of-concept.

Administrators are advised to patch their VMware servers as soon as possible, after a proof of concept for a critical remote code execution (RCE) vulnerability that requires no authentication to exploit was released.

Critical remote code execution bug found in VMware vCenter

Positive Technologies security researcher Mikhail Klyuchnikov reported the RCE vulnerability  to VMware in October last year, but kept details of the flaw under wraps.

However, a Chinese security vendor, Noah Lab, published a proof of concept for vCenter RCE today.

Mass scans for the vulnerability are currently taking place, security vendor Bad Packets said.

Klyuchnikov said the RCE vulnerability is due to attackers being able to upload unauthorised files such as Java Server Pages scripts to VMware servers, enabling the execution of arbitrary commands with elevated privileges.

As a result, "a malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server," VMware said in its security advisory this week.

VMware has released patches for the RCE which is rated as critical with a 9.8 out of 10 score.

A second RCE vulnerability in the OpenSLP (Server Location Protocol), rated as important with a score of 8.8, was also patched by VMware, along with five bugs deemed moderately severe.

VMware said its ESXi, the vSphere Client for Center Server and Cloud Foundation products are vulnerable to the above flaws.

A scan of the internet by iTnews using the Shodan search engine found 112 potentially vulnerable vCenter systems in Australia, and 13 in New Zealand.

Around the world, Shodan found 6575 systems, most of them being located on United States networks.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

Log In

  |  Forgot your password?