CVE-2014-3790
VMware vCenter Server Appliance Ruby vSphere Console Privilege Escalation Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Appliance. Authentication is required to exploit this vulnerability.
The specific flaw exists within the usage of the Ruby vSphere Console (RVC) provided by the vCenter Server Appliance. Commands can be run in a privileged context, allowing an attacker to break out of a chroot jail. This allows an attacker to elevate privileges and execute commands as root.
Timeline
- 2014-05-19 CVE Reserved
- 2014-05-30 CVE Published
- 2024-01-11 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (4)
URL | Tag |
---|---|
http://secunia.com/advisories/58823 | Third Party Advisory |
http://www.securityfocus.com/bid/67756 | Vdb Entry |
http://www.securitytracker.com/id/1030436 | Vdb Entry |
http://zerodayinitiative.com/advisories/ZDI-14-159 | X_refsource_misc |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
VMware | vCenter Server Appliance | 5.1 | - | Affected |
VMware | vCenter Server Appliance | 5.5 | - | Affected |