Vulnerability Description
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Vcenter Server | 5.0 |
References
- http://seclists.org/fulldisclosure/2015/Oct/1
- http://www.securityfocus.com/bid/76930
- http://www.securitytracker.com/id/1033720
- http://www.vmware.com/security/advisories/VMSA-2015-0007.htmlPatchVendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-15-455
- https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-
- http://seclists.org/fulldisclosure/2015/Oct/1
- http://www.securityfocus.com/bid/76930
- http://www.securitytracker.com/id/1033720
- http://www.vmware.com/security/advisories/VMSA-2015-0007.htmlPatchVendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-15-455
- https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-
FAQ
What is CVE-2015-2342?
CVE-2015-2342 is a vulnerability with a CVSS score of 10.0 (HIGH). The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitra...
How severe is CVE-2015-2342?
CVE-2015-2342 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2342?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Vcenter Server.