CVSS3: 7.3 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: LOW
- Integrity Impact: LOW
- Availability Impact: LOW

CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: PARTIAL

EPSS: 0.003 Low (Percentile: 65.6%)

Name | vrealize_vcofactory_deserialize |
---|---|
CVE | CVE-2015-6934 Exploit Pack |
VENDOR | VMware |

NOTES:

IMPORTANT NOTE: This module WILL NOT WORK against any instance of this application running an Apache Commons Collections version prior to 3.0.

VMware vRealize has a remoting interface named vcofactory. It communicates with a client by exchanging serialized Java objects.

Apache Commons Collections pre-3.2 allows users to serialize transformers on collection values. Of importance to us is the InvokerTransformer, which is capable of invoking Java methods. We are able to run these transformers by adding them to an annotation map whose members are accessed. The right chain of method invocations leads to arbitrary code execution.

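A detection-side view of the mechanism described above, added here as an example and not part of the original module: it heuristically scans a byte buffer taken from a serialized-object interface for Java class descriptors and flags names from the Commons Collections `functors` package, which holds `InvokerTransformer`. The function names and the sample buffers are constructed for illustration.

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"  # Java serialization magic (0xACED) + stream version 5
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72
# Package that holds InvokerTransformer and the other method-invoking transformers.
SUSPECT_PREFIXES = ("org.apache.commons.collections.functors.",)
CLASS_NAME = re.compile(rb"[A-Za-z_$\[][\w$.;\[]*")


def class_names(buf):
    """Heuristically list class names from TC_CLASSDESC records in a byte buffer."""
    names = []
    start = buf.find(STREAM_MAGIC)
    if start < 0:
        return names  # no Java serialization stream present
    i = start + len(STREAM_MAGIC)
    while i + 3 <= len(buf):
        if buf[i] == TC_CLASSDESC:
            (length,) = struct.unpack_from(">H", buf, i + 1)
            end = i + 3 + length
            name = buf[i + 3:end]
            # A descriptor is name + 8-byte serialVersionUID; reject truncated or non-name data.
            if length and end + 8 <= len(buf) and CLASS_NAME.fullmatch(name):
                names.append(name.decode("ascii"))
                i = end + 8
                continue
        i += 1
    return names


def suspicious_classes(buf):
    """Return descriptor names that belong to a flagged package."""
    return [n for n in class_names(buf) if n.startswith(SUSPECT_PREFIXES)]


def _sample(name):
    """Constructed sample: stream header plus one field-less class descriptor (not a payload)."""
    body = struct.pack(">BBH", TC_OBJECT, TC_CLASSDESC, len(name)) + name.encode("ascii")
    return STREAM_MAGIC + body + b"\x00" * 8 + b"\x02\x00\x00\x78\x70"


BENIGN = _sample("java.util.Date")
FLAGGED = _sample("org.apache.commons.collections.functors.InvokerTransformer")

if __name__ == "__main__":
    for label, buf in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(label, class_names(buf), "->", suspicious_classes(buf) or "ok")
```

The scan does not follow the full serialization grammar, so a hit is a signal to inspect the stream rather than proof of an exploit attempt.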
Tested targets:
> vRealize 6.0.1.2490144
- Windows 8.1 Pro x86_64 EN / Java 6u45 - SUCCESS
- Windows 8.1 Pro x86_64 EN / Java 7u80 - SUCCESS
- Windows 8.1 Pro x86_64 EN / Java 8u73 - SUCCESS
> vCenter Orchestrator Appliance
- Appliance’s VMDK is corrupted
> vRealize Operations Manager Appliance 6.2.0.3
- Publicly accessible interfaces require client certificate authentication. A CA-signed client certificate is necessary to connect.
Repeatability: Infinite
References: https://www.vmware.com/security/advisories/VMSA-2015-0009
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6934