CVE-2015-2342

VMware vCenter Server <6.0 - RCE

Title source: llm

Description

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotejava

https://www.exploit-db.com/exploits/36101

View Code ZIP pw:eip

metasploit SCANNER

by rocktheboat · rubypocjava

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/misc/java_jmx_server.rb

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Braden Thomas, juan vazquez · rubypocjava

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/java_jmx_server.rb

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1033720

[Patch, Vendor Advisory] http://www.vmware.com/security/advisories/VMSA-2015-0007.html

[Various Sources] https://www.7elements.co.uk/resources/technical-advisories/cve-2015-2342-vmware-vcenter-remote-code-execution/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/76930

[Mailing List] http://seclists.org/fulldisclosure/2015/Oct/1

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-15-455

Scores

EPSS 0.9203

EPSS Percentile 99.7%

Details

Status published

Products (4)

vmware/vcenter_server 5.0

vmware/vcenter_server 5.1

vmware/vcenter_server 5.5

vmware/vcenter_server 6.0

Published Oct 12, 2015

Tracked Since Feb 18, 2026