This Metasploit module exploits a file upload in VMware vCenter Server's analytics/telemetry (CEIP) service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default.
d46c0245ccc36fc657f9f4ef1767092aVMware Security Advisory 2021-0010 - VMware vCenter Server updates address remote code execution and authentication vulnerabilities.
97d1fdbed186d9dd04de43bce2b20da8VMware Security Advisory 2019-0013 - VMware ESXi and vCenter Server updates address command injection and information disclosure vulnerabilities.
48b7717d1bbcfb96a8455af336b4519cVMware Security Advisory 2019-0014 - VMware ESXi, Workstation, Fusion, VMRC and Horizon Client updates address use-after-free and denial of service vulnerabilities.
b458f5143d4d2cae548026e5d196858cVMware Security Advisory 2019-0005 - VMware ESXi, Workstation and Fusion updates address multiple security issues.
8d7829a21cc009037128f8bf2d178e1bVMware Security Advisory 2019-0004 - VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability.
8f3ca8321cfd810fd65b4198893d7205VVMware Security Advisory 2019-0003 - VMware Horizon update addresses Connection Server an information disclosure vulnerability.
76f3dac71537e32727ad6ebb2ba40a25VMware Security Advisory 2019-0002 - VMware Workstation update addresses elevation of privilege issues.
bd52e07808c7e943f940f78dc5dad784VMware Security Advisory 2019-0001 - VMware product updates resolve a mishandled file descriptor vulnerability in the runc container runtime.
736b9efb2c045fd67c59e48728179278VMware Security Advisory 2018-0031 - vRealize Operations updates address a local privilege escalation vulnerability.
9394c105969df49cc87514df90900e5dVMware Security Advisory 2018-0030 - VMware Workstation and Fusion updates address an integer overflow issue.
a36afe863a7a331ed9de526f59017e6cVMware Security Advisory 2018-0029 - vSphere Data Protection (VDP) updates address multiple security issues.
a13b05da406af20fd576764026e2c0d7VMware Security Advisory 2018-0028 - VMware vRealize Log Insight updates address an authorization bypass vulnerability.
2f99ece85e71d427276816027fbcb32eVMware Security Advisory 2018-0027 - VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage.
c90f4cfee02d634beee85044cdd3994fVMware Security Advisory 2018-0026 - VMware ESXi, Workstation, and Fusion updates address an out-of- bounds read vulnerability.
74edba10b62e5341c33bfb5f5e683ec4VMware Security Advisory 2018-0025 - VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability.
bfcb9abfaeb0d38ca07123f7fa05ad62VMware Security Advisory 2018-0024 - VMware Workspace ONE Unified Endpoint Management Console (A/W Console) updates resolve SAML authentication bypass vulnerability.
d7ad13c09ca3a2acd2fbe2f92a903bbaVMware Security Advisory 2018-0023 - AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities.
d9129080eb942fb3be69ed15e131da6bVMware Security Advisory 2018-0022 - VMware Workstation and Fusion updates address an out-of-bounds write issue.
9c110faf3ce72fac65adec4ce75ecc87VMware Security Advisory 2018-0021 - Operating System-Specific Mitigations address L1 Terminal Fault - OS vulnerability in VMware Virtual Appliances. The mitigations in this advisory are categorized as Operating System Specific Mitigations described by VMware Knowledge Base article 55636.
82cceccb5085e2554a2672350acd9ea5VMware Security Advisory 2018-0020 - VMware vSphere, Workstation, and Fusion updates enable Hypervisor- Specific Mitigations for L1 Terminal Fault - VMM vulnerability. The mitigations in this advisory are categorized as Hypervisor- Specific Mitigations described by VMware Knowledge Base article 55636.
faffdf775a1c484f51bf63d28ccaf13eVMware Security Advisory 2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability.
b40331424283676a792f9c3b3bfd9373VMware Security Advisory 2018-0018 - VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues.
a9cf1720b333c1dbbae97a03d5c288efVMware Security Advisory 2018-0017 - VMware Tools update addresses an out-of-bounds read vulnerability.
b37fb2d6a4a9ac0257339b146e91c62bVMware Security Advisory 2018-0011.1 - Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud.
33528556c724e88878d3cddd9df431a0
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed