VMware ESX and ESXi contain multible vulnerabilities due to bundled versions of libxml2, GNU TLS, OpenSSL, and the Linux kernel. Successful exploitation may result in elevation of privilege, information disclosure, or denial of service.
VMware ESX 4.0
VMware ESXi 4.0, 5.0, 5.1
Elevation of Privilege
Of the various vulnerabilities present in VMware ESX and ESXi, the worst of which may allow an attacker to have an opportunity to elevate their privileges. This may allow them to perform actions that would normally be restricted from them, including the ability to access sensitive data and executing arbitrary code.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 19926 - VMware ESX/ESXi Server Multiple Vulnerabilities (Zero-Day) - ESXi 5.1/5.0/4.0
- 19927 - VMware ESX/ESXi Server Multiple Vulnerabilities (Zero-Day) - ESX 4.0
No mitigations are currently available.