Remote Command Execution Vulnerability in VMware vCenter Server Appliance
CVE-2014-3790

Currently unrated

Key Information:

Vendor: Vmware
Status: Vcenter Server Appliance
Vendor: CVE Published:; 1 June 2014

Summary

The Ruby vSphere Console (RVC) in VMware vCenter Server Appliance has a security flaw that permits remote authenticated users to execute arbitrary commands as root. This issue arises due to improper isolation within the chroot jail environment, which could be exploited to perform unauthorized actions within the system.

References

http://www.securitytracker.com/id/1030436

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/58823

third-party-advisoryx_refsource_SECUNIA

http://zerodayinitiative.com/advisories/ZDI-14-159/

x_refsource_MISC

Timeline

Vulnerability published
Jun 1, 2014
Vulnerability Reserved
May 19, 2014