Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3733 — Path Traversal in Vmware ESX

CWE-22 — Path Traversal5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

90.1%

top 0.41%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Vmware ESX Vmware Esxi Vmware Server

Timeline

PublishedNov 2

Latest updateMay 2

Description

Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDvmware/esxi3.5

▶NVDvmware/server14 versions+13

▶NVDvmware/esx3.0.3, 3.5+1

Patches

Patch: lists.vmware.com ↗Patch: www.vmware.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-wfqc-2mvj-wfhf: Directory traversal vulnerability in VMware Server 1↗2022-05-02

▶

CVEList

CVE-2009-3733: Directory traversal vulnerability in VMware Server 1↗2009-11-02

▶

VulnCheck

VMware ESXi Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')↗2009

▶

💥Exploits & PoCs

Exploit-DB

VMware Server 2.0.1 / ESXi Server 3.5 - Directory Traversal↗2009-10-27

▶