CVE-2014-3790

Vmware Vcenter Server Appliance - Access Control

Title source: rule

Description

Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.

References (4)

[Third Party Advisory] http://secunia.com/advisories/58823

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1030436

[Third Party Advisory] http://zerodayinitiative.com/advisories/ZDI-14-159/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/67756

Scores

EPSS 0.0050

EPSS Percentile 65.7%

Classification

CWE

CWE-264

Status draft

Affected Products (2)

vmware/vcenter_server_appliance

Timeline

Published Jun 01, 2014

Tracked Since Feb 18, 2026