Detections
Analytics
VMware vCenter Server 6.0.x < 6.0u3b / 6.5.x < 6.5c BlazeDS AMF3 RCE (VMSA-2017-0007)
critical Nessus Plugin ID 99475
Language:
Synopsis
A virtualization management application installed on the remote host is affected by a remote code execution vulnerability.Description
The version of VMware vCenter Server installed on the remote host is 6.0.x prior to 6.0u3b or 6.5.x prior to 6.5c. It is, therefore, affected by a flaw in FlexBlazeDS when processing AMF3 messages due to allowing the instantiation of arbitrary classes when deserializing objects. An unauthenticated, remote attacker can exploit this, by sending a specially crafted Java object, to execute arbitrary code.Solution
Upgrade to VMware vCenter Server version 6.0u3b (6.0.0 build-5326177) / 6.0u3b on Windows (6.0.0 build-5318198) / 6.5.0c (6.5.0 build-5318112) or later. Alternatively, apply the vendor-supplied workaround.See Also
https://www.vmware.com/security/advisories/VMSA-2017-0007.html
http://www.nessus.org/u?1bb48b81
Plugin Details
Severity: Critical
ID: 99475
File Name: vmware_vcenter_vmsa-2017-0007.nasl
Version: 1.7
Type: remote
Family: Misc.
Published: 4/19/2017
Updated: 11/13/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2017-5641
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:vmware:vcenter_server
Required KB Items: Host/VMware/release, Host/VMware/version, Host/VMware/vCenter
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/13/2017
Vulnerability Publication Date: 4/4/2017
Reference Information
CVE: CVE-2017-5641
BID: 97383