Description
The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- VMware / Cloud Foundation5.x, 4.5.x – 5.x, 4.5.x
- VMware / Telco Cloud Infrastructure3.x, 2.x – 3.x, 2.x
- VMware / Telco Cloud Platform5.x, 4.x, 3.x, 2.x – 5.x, 4.x, 3.x, 2.x
- VMware / vCenter Server8.0 – 8.0 U3e
- VMware / vCenter Server7.0 – 7.0 U3v