Lucene search

K
threatpostMichael MimosoTHREATPOST:72EC8D299FEE5F6E6D9126F814172156
HistoryFeb 15, 2016 - 11:00 a.m.

VMware vCenter Server Patch Reissue

2016-02-1511:00:41
Michael Mimoso
threatpost.com
10

0.971 High

EPSS

Percentile

99.7%

VMware on Saturday reissued a patch from October that incompletely addressed a critically rated remote code execution vulnerability in vCenter Server.

The original vulnerability, CVE-2015-2342, was a poorly configured JMX RMI service in vCenter Server that was remotely accessible. The flaw allowed unauthenticated attackers connect to the service and use it to run code on the server; versions 5.5, 5.1 and 5.0 are affected, VMware said. VCenter Server is used by organizations to manage their virtual server environments.

Fridayโ€™s advisory from VMware said that the original patch for CVE-2015-2342 was incomplete, and an additional patch is required.

VMware said that Windows Firewall mitigates the vulnerability as well.

โ€œEven if the Windows Firewall is enabled, users are advised to install the additional patch in order to remove the local privilege elevation,โ€ VMware said.

The original update also patched a remote code execution double free vulnerability in VMware ESXi OpenSLPโ€™s SLPDProcessMessage() function, and a denial-of-service flaw in vCenter Serverโ€™s vpxd. The server did not sanitize long heartbeat messages, which allowed unauthenticated attackers to crash the server.

0.971 High

EPSS

Percentile

99.7%

Related for THREATPOST:72EC8D299FEE5F6E6D9126F814172156