VMware vCenter vScalation Privilege Escalation
This Metasploit module exploits a privilege escalation in vSphere/vCenter
due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon
file. It is possible for anyone in the cis group to write to the file,
which will execute as root on vmware-vmon service restart or host reboot.
This module was successfully tested against VMware VirtualCenter 6.5.0 build-7070488. Vulnerable versions should include vCenter 7.0 before U2c, vCenter 6.7 before U3o, and vCenter 6.5 before U3q.
https://packetstormsecurity.com/files/170116/vcenter_java_wrapper_vmon_priv_esc .rb.txt
Tue, 06 Dec 2022 16:23:46 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com