Vigil@nce - VMware vCenter Server Appliance: privilege escalation via RVC
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can use the RVC of VMware vCenter Server
Appliance to escalate his privileges.
– Impacted products: vCenter
– Severity: 2/4
– Creation date: 02/06/2014
DESCRIPTION OF THE VULNERABILITY
The VMware vCenter Server Appliance product provides an RVC (Ruby
vSphere Console).
However, a local attacker can use the RVC to execute commands as
root.
An authenticated attacker can therefore use the RVC of VMware
vCenter Server Appliance to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/VMware-vCenter-Server-Appliance-privilege-escalation-via-RVC-14829