Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-2342 — Vmware Vcenter Server vulnerability

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

92.0%

top 0.30%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Vmware Vcenter Server

Timeline

PublishedOct 12

Latest updateMay 14

Description

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDvmware/vcenter_server4 versions+3

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-w37r-rg6f-g7rh: The JMX RMI service in VMware vCenter Server 5↗2022-05-14

▶

CVEList

CVE-2015-2342: The JMX RMI service in VMware vCenter Server 5↗2015-10-12

▶

💥Exploits & PoCs

Exploit-DB

Java JMX - Server Insecure Configuration Java Code Execution (Metasploit)↗2015-02-17

▶