Multiplle vulnerabilities in VMWare ESXi and vCenter
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2017-16544 CVE-2019-5531 CVE-2019-5532 CVE-2019-5534 |
| CWE-ID | CWE-20 CWE-613 CWE-312 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
VMware ESXi Operating systems & Components / Operating system vCenter Server vSphere Web Client Client/Desktop applications / Software for system administration vCenter Server vSphere Client Client/Desktop applications / Software for system administration vCenter Server Server applications / Virtualization software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU11326
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-16544
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the add_match function in libbb/lineedit.c due to the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. A remote attacker can execute arbitrary code with the system privileges and write arbitrary files.
Successful exploitation of the vulnerability may result in system compromise.
VMware ESXi: 6.0 - 6.7
External linkshttp://www.vmware.com/security/advisories/VMSA-2019-0013.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insufficient Session Expiration
EUVDB-ID: #VU21147
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-5531
CWE-ID:
CWE-613 - Insufficient Session Expiration
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration issue. A remote non-authenticated attacker can obtain or guess session token and gain unauthorized access to session that belongs to another user.
MitigationvCenter Server vSphere Web Client: 6.0 - 6.7
vCenter Server vSphere Client: 6.5 - 6.7
VMware ESXi: 6.0 - 6.7
External linkshttp://www.vmware.com/security/advisories/VMSA-2019-0013.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cleartext storage of sensitive information
EUVDB-ID: #VU21148
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-5532
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to VMware vCenter Server logs user credentials of guest operating system in plain text when deployed through OVF. A local user of the host operating system is able to read log files and gain superuser credentials of deployed guest operating systems.
MitigationInstall updates from vendor's website.
Vulnerable software versionsvCenter Server: 6.0 GA - 6.7.0d
External linkshttp://www.vmware.com/security/advisories/VMSA-2019-0013.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cleartext storage of sensitive information
EUVDB-ID: #VU21149
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-5534
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to VMware vCenter Server stores user credentials of guest operating system in plain text within the vAppConfig properties, when deployed through OVF. A local user of the host operating system with access to vAppConfig properties is able to read log files and gain superuser credentials of deployed guest operating systems.
MitigationInstall updates from vendor's website.
Vulnerable software versionsvCenter Server: 6.0 GA - 6.7.0d
External linkshttp://www.vmware.com/security/advisories/VMSA-2019-0013.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
