The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware vcenter server 6.5 |
||
vmware vcenter server 6.7 |
||
vmware vcenter server 7.0 |
||
vmware cloud foundation |
Unauthenticated remote code execution possible thanks to vSphere Client bug
VMware has revealed a critical bug that can be exploited to achieve unauthenticated remote code execution in the very core of a virtualised system – vCenter Server. The culprit is the vSphere HTML5 client, which by default includes the Virtual SAN Health plugin – even if you don’t run a VMware VSAN. That plugin lacks input validation and the result, as explained by VMware’s advisory this week, is: “A malicious actor with network access to port 443 may exploit this issue to execute comm...