ID CVE-2015-2342
Summary The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
References
Vulnerable Configurations
  • VMware vCenter Server 5.0
    cpe:2.3:a:vmware:vcenter_server:5.0
  • cpe:2.3:a:vmware:vcenter_server:5.1
    cpe:2.3:a:vmware:vcenter_server:5.1
  • VMware vCenter Server 5.5
    cpe:2.3:a:vmware:vcenter_server:5.5
  • VMware vCenter Server 6.0
    cpe:2.3:a:vmware:vcenter_server:6.0
CVSS
Base: 10.0 (as of 13-10-2015 - 09:22)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Java JMX Server Insecure Configuration Java Code Execution. CVE-2015-2342. Remote exploit for java platform
id EDB-ID:36101
last seen 2016-02-04
modified 2015-02-17
published 2015-02-17
reporter metasploit
source https://www.exploit-db.com/download/36101/
title Java JMX Server Insecure Configuration Java Code Execution
metasploit via4
nessus via4
  • NASL family Misc.
    NASL id VMWARE_VCENTER_VMSA-2015-0007.NASL
    description The VMware vCenter Server installed on the remote host is affected by the following vulnerabilities : - A flaw exists in the vpxd service due to improper sanitization of long heartbeat messages. An unauthenticated, remote attacker can exploit this to cause a denial of service. (CVE-2015-1047) - A flaw exists due to an insecurely configured and remotely accessible JMX RMI service. An unauthenticated, remote attacker can exploit this, via an MLet file, to execute arbitrary code on the vCenter server with the same privileges as the web server. (CVE-2015-2342)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 86255
    published 2015-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86255
    title VMware vCenter Multiple Vulnerabilities (VMSA-2015-0007)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2015-0007.NASL
    description The remote VMware ESXi host is affected by a remote code execution vulnerability due to a double-free error in the SLPDProcessMessage() function in OpenSLP. An unauthenticated, remote attacker can exploit this, via a crafted package, to execute arbitrary code or cause a denial of service condition.
    last seen 2019-02-21
    modified 2018-10-24
    plugin id 86254
    published 2015-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86254
    title VMSA-2015-0007 : VMware vCenter and ESXi updates address critical security issues
refmap via4
bid 76930
confirm http://www.vmware.com/security/advisories/VMSA-2015-0007.html
fulldisc 20151001 CVE-2015-2342 VMware vCenter Remote Code Execution
misc
sectrack 1033720
vmware via4
description VMware
finder
company 7 Elements
name Doug McLeod
id VMSA-2015-0007
last_updated 2016-06-14T00:00:00
published 2015-10-01T00:00:00
title Vmware
workaround None
Last major update 07-12-2016 - 22:07
Published 12-10-2015 - 06:59
Last modified 11-08-2018 - 21:29
Back to Top