Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX (remote check)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
Insight
Insight
a. VMware ESXi and ESX unauthorized file access through vCenter Server and ESX VMware ESXi and ESX contain a vulnerability in the handling of certain Virtual Machine file descriptors. This issue may allow an unprivileged vCenter Server user with the privilege 'Add Existing Disk' to obtain read and write access to arbitrary files on ESXi or ESX. On ESX, an unprivileged local user may obtain read and write access to arbitrary files. Modifying certain files may allow for code execution after a host reboot. Unpriviledged vCenter Server users or groups that are assigned the predefined role 'Virtual Machine Power User' or 'Resource Pool Administrator' have the privilege 'Add Existing Disk'. The issue cannot be exploited through VMware vCloud Director. Workaround A workaround is provided in VMware Knowledge Base article 2066856. Mitigation In a default vCenter Server installation no unprivileged users or groups are assigned the predefined role 'Virtual Machine Power User' or 'Resource Pool Administrator'. Restrict the number of vCenter Server users that have the privilege 'Add Existing Disk'.
Affected Software
Affected Software
VMware ESXi 5.5 Build < 1474526 VMware ESXi 5.1 Build < 1312874 VMware ESXi 5.0 Build < 1311177
Detection Method
Detection Method
Check the build number.
Solution
Solution
Apply the missing patch(es).