Multiple vulnerabilities in VMware vCenter Server

Published: 2017-11-10 13:49:06
Severity Low
Patch available YES
Number of vulnerabilities 2
CVSSv2 3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
CVSSv3 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE ID CVE-2017-4927
CVE-2017-4928
CWE ID CWE-20
CWE-918
Exploitation vector Network
Public exploit Not available
Vulnerable software vCenter Server
Vulnerable software versions vCenter Server 6.0.0
vCenter Server 6.5.0
vCenter Server 5.5.0
Vendor URL VMware, Inc
Advisory type Public

Security Advisory

1) Denial of service

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted LDAP packets to crash the service.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update to version 6.0 U3c or 6.5 U1.

External links

http://www.vmware.com/security/advisories/ID:%20VMSA-2017-0017.html
https://fortiguard.com/zeroday/1824

2) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted POST requests via the Flash-based vSphere Web Client to trigger a URL validation flaw and conduct server-side request forgery (SSRF) and carriage return line feed (CRLF) injection attacks to gain access to arbitrary data.
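As an added illustration of the weakness classes this advisory cites (CWE-20 input validation, CWE-918 SSRF, and CRLF injection), and not code from VMware or the vSphere Web Client: a Python check an application could apply to a URL taken from a POST parameter before using it for a server-side request. The allowlisted host and the sample inputs are constructed for the example.

```python
from typing import Tuple
from urllib.parse import urlsplit
import ipaddress

# Constructed allowlist: the only destination the application legitimately needs.
ALLOWED_HOSTS = {"vcenter.example.test"}
ALLOWED_SCHEMES = {"https"}


def validate_outbound_url(url: str) -> Tuple[bool, str]:
    """Return (ok, reason) for a user-supplied URL about to be fetched server-side.

    Rejects CR/LF and other control characters (they could be copied into an
    outbound request line or header: CRLF injection) and any destination that
    is not on the allowlist (SSRF, CWE-918).
    """
    # Check raw characters BEFORE parsing: urlsplit() silently strips \r and \n,
    # so a parse-then-check order would miss an injected header.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in url):
        return False, "control character in URL"
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "missing host"
    # user@host forms are a classic way to confuse naive host checks.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    # Literal IPs (internal ranges, link-local, loopback) bypass a name allowlist.
    try:
        ipaddress.ip_address(host)
        return False, "literal IP address not allowed"
    except ValueError:
        pass
    if host.lower() not in ALLOWED_HOSTS:
        return False, "host not in allowlist: %r" % host
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values as they might arrive in a POST parameter.
    for sample in ["https://vcenter.example.test/sdk",
                   "https://vcenter.example.test/x\r\nX-Injected: 1",
                   "https://10.0.0.1/", "https://other.example.test/"]:
        print(repr(sample), "->", validate_outbound_url(sample))
```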

Remediation

Update to version 5.5 U3f or 6.0 U3c.

External links

http://www.vmware.com/security/advisories/ID:%20VMSA-2017-0017.html