CVE-2014-3790Vmware Vcenter Server Appliance vulnerability

CWE-2644 documents4 sources
Severity
9.0CRITICALNVD
EPSS
0.5%
top 33.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Vcenter Server Appliance
Timeline
PublishedJun 1
Latest updateMay 17

Description

Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

NVDvmware/vcenter5.1, 5.5+1

🔴Vulnerability Details

2
GHSA
GHSA-728j-xgf7-pwf4: Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from2022-05-17
CVEList
CVE-2014-3790: Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from2014-06-01

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Server 2003 SP2 - Local Privilege Escalation (MS14-070)2015-01-29
CVE-2014-3790 — Vmware vulnerability | cvebase