VMware vCenter and ESX contain multiple vulnerabilities, including a failure to properly verify login credentials in Active Directory with anonymous LDAP binding (vCenter only) and a vulnerable version of Java (vCenter and ESX). Successful exploitation of these vulnerabilities may lead to information disclosure, denial of service, or remote code execution.
No Exploit Available
Remote Code Execution
Exploitation of these vulnerabilities is possible via multiple different vectors. Attackers who successfully exploit these vulnerabilities will be able to execute code on the vulnerable system, possibly allowing the attacker full control of the target system.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 18956 - VMware vCenter Server Products Multiple Vulnerabilities (20130426) - vCenter 5.1
- 31125 - VMWare Products Multiple Vulnerabilities (20131018) - vCenter Server 5.0
- 18958 - VMware ESX Java Multiple Vulnerabilities (Zero-Day)
- 18961 - VMware vCenter Server Products Multiple Vulnerabilities (Zero-Day) - vCenter 4.1
Install the available patch for vCenter 5.1 and 5.0; otherwise, no mtigiation is currently available.