First published: Wed Dec 20 2017
VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware vCenter Server | =6.5-a | |
VMware vCenter Server | =6.5-b | |
VMware vCenter Server | =6.5-c | |
VMware vCenter Server | =6.5-d | |
VMware vCenter Server | =6.5-e | |
VMware vCenter Server | =6.5-f | |
VMware vCenter Server | =6.5-update1 | |
VMware vCenter Server | =6.5-update1b | |
VMware vCenter Server | =6.5-update1c | |
The vulnerability ID for this issue is CVE-2017-4943.
The severity of CVE-2017-4943 is high, with a severity value of 7.8.
CVE-2017-4943 affects VMware vCenter Server Appliance (vCSA) version 6.5 before 6.5 U1d.
A low-privileged user can exploit this vulnerability through the 'showlog' plugin to gain root-level privileges over the appliance base OS.
More information about CVE-2017-4943 is available at the following references: [SecurityTracker](http://www.securitytracker.com/id/1040026) and [VMware Security Advisories](https://www.vmware.com/security/advisories/VMSA-2017-0021.html).