APP: VMware vCenter Server JMX Remote Code Execution
This signature detects attempts to exploit a known vulnerability against VMware vCenter Server. The vulnerability is due to a lack of enforced authentication in the default configuration (in wrapper.conf). A successful attack can lead to arbitrary code execution.
Extended Description
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
Affected Products
Vmware vcenter_server
Short Name
APP:VCENTER-JMX-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
CVE-2015-2342 Code Execution JMX Remote Server VMware vCenter
Release Date
01/04/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
Port
TCP/58734,9875,49160
False Positive
Unknown
Vendors
Vmware
CVSS Score
10.0