VMware vCenter Chargeback Manager Remote Code Execution (VMSA-2013-0008)

Critical Nessus Plugin ID 66897


The remote Windows host has an application installed that is potentially affected by a remote code execution vulnerability.


The version of VMware vCenter Chargeback Manager installed on the remote Windows host is potentially affected by a remote code execution vulnerability due to a flaw in the handling of file uploads. By exploiting this flaw, a remote, unauthenticated attacker could execute arbitrary code subject to the privileges of the user running the application.


Upgrade to VMware vCenter Chargeback Manager 2.5.1 or later.

Plugin Details

Severity: Critical

ID: 66897

File Name: vmware_vcenter_chargeback_manager_251.nasl

Version: $Revision: 1.5 $

Type: local

Agent: windows

Family: Windows

Published: 2013/06/14

Modified: 2013/07/26

Dependencies: 10456, 66896

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:vcenter_chargeback_manager

Required KB Items: SMB/VMware vCenter Chargeback Manager/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/06/11

Vulnerability Publication Date: 2013/06/11

Exploitable With

Metasploit (VMware vCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload)

Reference Information

CVE: CVE-2013-3520

BID: 60484

OSVDB: 94188

EDB-ID: 27046

VMSA: 2013-0008