Check Point Reference: | CPAI-2015-1231 |
Date Published: | 22 Oct 2015 |
Severity: | Critical |
Last Updated: | Wednesday 27 January, 2016 |
Source: | VMware |
Industry Reference: | CVE-2015-2342 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | VMWare vCenter Server 5.0 prior to u3e VMWare vCenter Server 5.1 prior to u3b VMWare vCenter Server 5.5 prior to u3 VMWare vCenter Server 6.0 prior to u1 |
Vulnerability Description | A code execution vulnerability exists in VMware vCenter Server. The vulnerability is due to a lack of enforced authentication in the default configuration (in wrapper.conf). A remote, unauthenticated attacker can exploit this vulnerability by sending a JMX/RMI request to the target server, to execute arbitrary code. In VMware vCenter Server 5.5 and prior versions, a successful attack will result in the ability of the attacker to execute arbitrary code with SYSTEM privileges. |
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Application Servers Protection Violation.
Attack Information: VMware vCenter Server JMX Remote Code Execution