V-177: VMware vCenter Chargeback Manager File Upload Handling Vulnerability

June 13, 2013 - 6:00am

PROBLEM:

vCenter Chargeback Manager Remote Code Execution

PLATFORM:

VMware vCenter Chargeback Manager 2.x

ABSTRACT:

The vCenter Chargeback Manager contains a critical vulnerability that allows remote code execution.

REFERENCE LINKS:

Secunia Advisory SA53798
VMware Security Advisory VMSA-2013-0008
CVE-2013-3520

IMPACT ASSESSMENT:

Medium

DISCUSSION:

The vCenter Chargeback Manager (CBM) contains a flaw in its handling of file uploads. Exploitation of this issue may allow an unauthenticated attacker to execute code remotely.

IMPACT:

System Access

SOLUTION:

The vendor recommends updating to version 2.5.1.

 
