VMware vCenter Leaks: CVE-2011-0426 and CVE-2011-1788

vCenter has a flaw that provides network read access to arbitrary files. VMware has released an advisory with patch information (VMSA-2011-0008):

A directory traversal vulnerability allows an attacker to remotely retrieve files from vCenter Server without authentication. In order to exploit this vulnerability, the attacker will need to have access to the network on which the vCenter Server host resides.

If you have network access to vCenter and log in as a user, the same advisory points out that session IDs are exposed.

The SOAP session ID can be retrieved by any user that is logged in to vCenter Server. This might allow a local unprivileged user on vCenter Server to elevate his or her privileges.
