* Customers who have installed the complete set of ESXi 5.5 U3



Bulletins, please review VMware KB 2133118. KB 2133118 documents a known

non-security issue and provides a solution.

b. VMware vCenter Server JMX RMI Remote Code Execution

VMware vCenter Server contains a remotely accessible JMX RMI service that is

not securely configured. An unauthenticated remote attacker who is able

to connect to the service may be able to use it to execute arbitrary

code on the vCenter Server. A local attacker may be able to elevate

their privileges on vCenter Server.

vCenter Server Appliance (vCSA) 5.1, 5.5 and 6.0 has remote access to the JMX RMI service (port 9875) blocked by default.

VMware would like to thank Doug McLeod of 7 Elements Ltd and an anonymous

researcher working through HP's Zero Day Initiative for reporting this

issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-2342 to this issue.

CRITICAL UPDATE

VMSA-2015-0007.2 and earlier versions of this advisory documented that CVE-2015-2342 was addressed in vCenter Server 5.0 U3e, 5.1 U3b, and 5.5 U3. Subsequently, it was found that the fix for CVE-2015-2342 in vCenter Server 5.0 U3e, 5.1 U3b, and 5.5 U3/U3a/U3b running on Windows was incomplete and did

not address the issue.

In order to address the issue on these versions of vCenter Server Windows, an

additional patch must be installed. This additional patch is available

from VMware Knowledge Base (KB) article 2144428.

In case the Windows Firewall is enabled on the system that has vCenter

Server Windows installed, remote exploitation of CVE-2015-2342 is not

possible. Even if the Windows Firewall is enabled, users are advised to

install the additional patch in order to remove the local privilege

elevation.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

