VMware ESXi and ESX unauthorized file access through vCenter Server and ESX

a. VMware ESXi and ESX unauthorized file access through vCenter Server and ESX

VMware ESXi and ESX contain a vulnerability in the handling of certain Virtual Machine file descriptors. This issue may allow an unprivileged vCenter Server user with the privilege “Add Existing Disk" to obtain read and write access to arbitrary files on ESXi or ESX. On ESX, an unprivileged local user may obtain read and write access to arbitrary files. Modifying certain files may allow for code execution after a host reboot.

Unpriviledged vCenter Server users or groups that are assigned the predefined role “Virtual Machine Power User” or “Resource Pool Administrator” have the privilege “Add Existing Disk”.

The issue cannot be exploited through VMware vCloud Director.

Workaround

Mitigation

VMware would like to thank Shanon Olsson for reporting this issue to us through JPCERT.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5973 to this issue.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.