VMware vCenter Multiple Vulnerabilities (VMSA-2015-0007)
Critical Nessus Plugin ID 86255
Synopsis
The remote host has a virtualization management application installed that is affected by multiple vulnerabilities.
Description
The VMware vCenter Server installed on the remote host is affected by the following vulnerabilities:
- A flaw exists in the vpxd service due to improper sanitization of long heartbeat messages. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2015-1047)
- A flaw exists due to an insecurely configured and remotely accessible JMX RMI service. An unauthenticated, remote attacker can exploit this, via an MLet file, to execute arbitrary code on the vCenter server with the same privileges as the web server. (CVE-2015-2342)
Solution
Upgrade to VMware vCenter Server 6.0.0b (6.0.0 build-2776510), 5.5u3 (5.5.0 build-3000241), 5.1u3b (5.1.0 build-3070521), or 5.0u3e (5.0.0 build-3073234) or later.