Unauthenticated Arbitrary File Read vulnerability in VMware vCenter

The most recent Unauthenticated Arbitrary File Read vulnerability in VMware vCenter has been found by ptswarm, as far it has been published, this vulnerability exists in the 6.5.0a-f VMware version.

PT Swarm is the offensive security department at Positive Technologies. Positive Technologies was founded in 2002 and according to their website, they have grown into strong company with 1000 employees.

Unauthenticated Arbitrary File Read vulnerability

The team at PT SWARM published a tweet, where they shared a picture of a PoC file read vulnerability in VMware vCenter.

PT Swarm Twitter account showing the Unauthenticated Arbitrary File Read vulnerability PoC
Twitter account showing the Unauthenticated Arbitrary File Read vulnerability PoC

They continued, and shared that the local user which is running the service is called ‘EAM‘. According to the vmware site, EAM is the vSphere ESX Agent Manager (EAM), it automates the process of deploying and managing vSphere ESX Agents, while extending the function of an ESXi host to provide additional services that a vSphere solution requires.

It seems that PT Swarm tried to report this via the correct way, but no attention was given. Instead, the vulnerability was patched, and no CVE was published.

Twitter user JLLeitschuh tweeted that:

Sounds really irresponsible for a CNA to fail to issue a CVE for a vulnerability this serious. Because VMware is a CNA, I believe you can’t get a CVE issued by any other CNAs according to the CVE rules. Sounds like a failing of the CVE system. @MITREcorp

Impact

Most likely an exploit will allow the attacker to view or delete arbitrary files on the targeted system.

Share this information