VMware vCenter Unauthenticated Arbitrary File Read Vulnerability Alert
On October 13, 2020, @ptswarm issued a risk notice for VMware vCenter arbitrary file reading. A remote attacker can arbitrarily read files on the host by accessing the open vCenter console. You can read the vCenter configuration file to obtain the management account password and then control the vCenter platform and the virtual machine clusters it manages.
Vulnerability Detail
We found an Unauthenticated Arbitrary File Read vulnerability in VMware vCenter. VMware revealed that this vulnerability was patched in 6.5u1, but no CVE was assigned.
The PoC ⬇️ pic.twitter.com/LfvbyBUhF5
— PT SWARM (@ptswarm) October 13, 2020
Under the specific path of the vCenter Web service, there is an unverified external controllable parameter. You can directly pass in any file path and return the specific file content.
Affected version
- Vmware vCenter Server : <=6.5.0
Unaffected version
- VMware vCenter 6.5.0u1
- VMware vCenter 7.*
Solution
In this regard, we recommend that users upgrade vCenter Server to the latest version in time.
