First published: Mon Oct 12 2015(Updated: )
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
VMware vCenter | =5.0 | |
VMware vCenter | =5.1 | |
VMware vCenter | =5.5 | |
VMware vCenter | =6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-2342 is rated as critical due to the potential for remote code execution.
To mitigate CVE-2015-2342, ensure that you upgrade to the patched versions of VMware vCenter Server as specified in the vendor's advisory.
CVE-2015-2342 affects VMware vCenter Server versions 5.0, 5.1, 5.5, and 6.0 prior to their respective updates.
Yes, CVE-2015-2342 can be exploited remotely by attackers via the RMI protocol.
Exploiting CVE-2015-2342 allows attackers to execute arbitrary code, potentially compromising the entire VMware environment.