VMware vCenter Server 6.0.x < 6.0u3b / 6.5.x < 6.5c BlazeDS AMF3 RCE (VMSA-2017-0007)

High Nessus Plugin ID 99475


A virtualization management application installed on the remote host is affected by a remote code execution vulnerability.


The version of VMware vCenter Server installed on the remote host is 6.0.x prior to 6.0u3b or 6.5.x prior to 6.5c. It is, therefore, affected by a deserialization flaw in the bundled Flex BlazeDS component: when processing AMF3 messages, the deserializer allows arbitrary classes to be instantiated, so untrusted input can drive Java object construction. An unauthenticated, remote attacker can exploit this, by sending a specially crafted AMF3 message, to execute arbitrary code on the vCenter host.


Upgrade to VMware vCenter Server 6.0u3b (6.0.0 build-5326177; build-5318198 on Windows) or 6.5c (6.5.0 build-5318112) or later. Alternatively, apply the vendor-supplied workaround. Note that this plugin determines exposure from the reported version and build (see Required KB Items below), so a host that has only the workaround applied will still be reported until it is upgraded.
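The following Python is an added illustration of the fixed-build comparison the solution above describes; it is not the plugin's own NASL code. The release-banner format ("VMware vCenter Server 6.0.0 build-NNNNNNN") and the `windows` flag are assumptions standing in for the Host/VMware/release KB item and for the platform detection the real plugin performs. Branches other than 6.0 and 6.5 are reported as out of scope rather than as safe, because the page only gives fixed builds for those two.

```python
"""Version check mirroring Nessus plugin 99475's fixed-build logic (CVE-2017-5641).

Added example, not the plugin's NASL code. The banner format and the
windows flag are assumptions (see lead-in).
"""
import re
from typing import NamedTuple, Optional

# Fixed builds from VMSA-2017-0007 as listed in the plugin solution:
# (major.minor branch, is_windows) -> first non-vulnerable build number.
FIXED_BUILDS = {
    ("6.0", False): 5326177,   # 6.0u3b appliance
    ("6.0", True):  5318198,   # 6.0u3b on Windows
    ("6.5", False): 5318112,   # 6.5c (one build for both platforms)
    ("6.5", True):  5318112,
}

# Assumed banner shape: "... 6.0.0 build-5326177"
_RELEASE_RE = re.compile(r"(?P<ver>\d+\.\d+(?:\.\d+)?)\s+build-(?P<build>\d+)")


class Verdict(NamedTuple):
    in_scope: bool            # False when the branch has no fixed build on this page
    vulnerable: bool          # meaningful only when in_scope is True
    version: str
    build: int
    fixed_build: Optional[int]


def parse_release(release: str):
    """Extract (version, build) from a release banner; None if it does not parse."""
    m = _RELEASE_RE.search(release)
    if not m:
        return None
    return m.group("ver"), int(m.group("build"))


def check_vcenter(release: str, windows: bool = False) -> Optional[Verdict]:
    """Compare the reported build against the fixed build for its branch and platform."""
    parsed = parse_release(release)
    if parsed is None:
        return None
    version, build = parsed
    branch = ".".join(version.split(".")[:2])      # "6.0.0" -> "6.0"
    fixed = FIXED_BUILDS.get((branch, windows))
    if fixed is None:
        return Verdict(False, False, version, build, None)
    return Verdict(True, build < fixed, version, build, fixed)


# Constructed sample banners (not captured from a real host).
SAMPLES = [
    ("VMware vCenter Server 6.0.0 build-3634788", False),
    # Windows fix build reported by an appliance: still below 5326177, so still flagged.
    ("VMware vCenter Server 6.0.0 build-5318198", False),
    ("VMware vCenter Server 6.0.0 build-5318198", True),
    ("VMware vCenter Server 6.5.0 build-4602587", False),
    ("VMware vCenter Server 6.5.0 build-5318112", True),
    ("VMware vCenter Server 5.5.0 build-3000241", False),
]

if __name__ == "__main__":
    for banner, win in SAMPLES:
        print(f"{banner} windows={win}: {check_vcenter(banner, windows=win)}")
```

The second and third samples show why the platform matters on the 6.0 branch: build 5318198 is the fixed Windows build but is older than the appliance fix (5326177), so the same number is safe on one platform and vulnerable on the other.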

Plugin Details

Severity: High

ID: 99475

File Name: vmware_vcenter_vmsa-2017-0007.nasl

Version: $Revision: 1.3 $

Type: remote

Family: Misc.

Published: 2017/04/19

Modified: 2017/08/16

Dependencies: 63061, 11936, 22964

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:vcenter_server

Required KB Items: Host/VMware/vCenter, Host/VMware/version, Host/VMware/release

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/04/13

Vulnerability Publication Date: 2017/04/04

Reference Information

CVE: CVE-2017-5641

BID: 97383

OSVDB: 155134

VMSA: 2017-0007

CERT: 307983