The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vcenter_server | Vmware | 8.0 (including) | 8.0 (including) |
| Vcenter_server | Vmware | 8.0-a (including) | 8.0-a (including) |
| Vcenter_server | Vmware | 8.0-b (including) | 8.0-b (including) |
| Vcenter_server | Vmware | 8.0-c (including) | 8.0-c (including) |
| Vcenter_server | Vmware | 8.0-update1 (including) | 8.0-update1 (including) |
| Vcenter_server | Vmware | 8.0-update1a (including) | 8.0-update1a (including) |
| Vcenter_server | Vmware | 8.0-update1b (including) | 8.0-update1b (including) |
| Vcenter_server | Vmware | 8.0-update1c (including) | 8.0-update1c (including) |
| Vcenter_server | Vmware | 8.0-update1d (including) | 8.0-update1d (including) |
| Vcenter_server | Vmware | 8.0-update1e (including) | 8.0-update1e (including) |
| Vcenter_server | Vmware | 8.0-update2 (including) | 8.0-update2 (including) |
| Vcenter_server | Vmware | 8.0-update2a (including) | 8.0-update2a (including) |
| Vcenter_server | Vmware | 8.0-update2b (including) | 8.0-update2b (including) |
| Vcenter_server | Vmware | 8.0-update2c (including) | 8.0-update2c (including) |