SB2019091707 - Multiplle vulnerabilities in VMWare ESXi and vCenter

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019091707

SB2019091707 - Multiplle vulnerabilities in VMWare ESXi and vCenter

Published: September 17, 2019

Security Bulletin ID SB2019091707
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2017-16544)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the add_match function in libbb/lineedit.c due to the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. A remote attacker can execute arbitrary code with the system privileges and write arbitrary files.

Successful exploitation of the vulnerability may result in system compromise.

2) Insufficient Session Expiration (CVE-ID: CVE-2019-5531)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient session expiration issue. A remote non-authenticated attacker can obtain or guess session token and gain unauthorized access to session that belongs to another user.


3) Cleartext storage of sensitive information (CVE-ID: CVE-2019-5532)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to VMware vCenter Server logs user credentials of guest operating system in plain text when deployed through OVF. A local user of the host operating system is able to read log files and gain superuser credentials of deployed guest operating systems.


4) Cleartext storage of sensitive information (CVE-ID: CVE-2019-5534)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to VMware vCenter Server stores user credentials of guest operating system in plain text within the vAppConfig properties, when deployed through OVF. A local user of the host operating system with access to vAppConfig properties is able to read log files and gain superuser credentials of deployed guest operating systems.


Remediation

Install update from vendor's website.

References