A team of experts at IT security consultancy, 7 Elements has discovered a recent VMware vCentre vulnerability (CVE-2015-2342) that could result in unauthorised remote access.
A flaw within the management interface resulted in system level access to the hosting server, which could have led to the full compromise of the enterprise environment. The vulnerability takes advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine.
VMware acknowledged 7 Elements' work identifying the vulnerability issuing a comment: “VMware would like to thank Dough McLeod of 7 Elements Ltd and an anonymous researcher working through HP's Zero Day Initiative for highlighting the vulnerability.”
McLeod of 7 Elements said, “It is a trivial exercise to gain full control over a vulnerable vCenter instance. We would strongly recommend anyone running vCenter to ensure that they have either deployed the latest version from VMware or apply the relevant security patch.”
7 Elements has begun a long process to disclose the issue since there is significant commercial use of VMware products in enterprise level environments. VMware is providing fixes in the latest version of vCenter 6.0 update 1 as well as updates to all versions that were previously affected.