Unauthenticated Arbitrary File Read vulnerability in VMware vCenter - Vulnerability Database

Unauthenticated Arbitrary File Read vulnerability in VMware vCenter

Description

VMware vCenter Server is a centralized management platform for VMware vSphere virtualized environments.

Versions of VMware vCenter Server prior to 6.5u1 contain an unauthenticated arbitrary file read vulnerability (path traversal) that allows remote attackers to read sensitive files from the underlying operating system without authenticating. The flaw is exploited by supplying directory traversal sequences in a file path parameter, causing the server to read files outside the directory it was meant to serve.

Remediation

Apply the following remediation steps immediately:

1. Upgrade VMware vCenter Server to version 6.5u1 or later, which contains the fix for this vulnerability.
2. Review vCenter Server access logs for any suspicious file access patterns or unauthorized access attempts that may indicate exploitation.
3. Implement network segmentation to restrict access to vCenter Server to only trusted management networks and authorized administrators.
4. Deploy a web application firewall (WAF) or intrusion prevention system (IPS) with rules to detect and block path traversal attempts as a compensating control until patching is complete.
5. Follow VMware's official security advisories and patch management guidelines for your specific deployment configuration.
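Steps 2 and 4 above ask operators to look for traversal attempts in access logs and to have WAF/IPS rules that detect them. The script below is an added example, not Invicti's or VMware's code: it parses constructed NCSA-style access log lines (the log format, the `/example/download` endpoint and the `file` parameter are assumptions for illustration, not vCenter's real ones), percent-decodes each request target a bounded number of times so double-encoded `..` sequences are not missed, flags requests whose decoded target contains a traversal segment, and rates those the server answered with HTTP 200 higher because they may represent a completed read rather than a blocked attempt.

```python
import re
from urllib.parse import unquote

# Constructed sample access log (NCSA combined-log style); these are not real vCenter log lines.
# Endpoint and parameter names are placeholders chosen for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /ui/login HTTP/1.1" 200 1024
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /example/download?file=../../../../etc/passwd HTTP/1.1" 200 2048
10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /example/download?file=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /example/download?file=%252e%252e%252fetc%252fhosts HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:11 +0000] "GET /example/download?file=report.pdf HTTP/1.1" 200 4096
"""

# Fields of one NCSA-style request line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# A ".." segment delimited by a slash, backslash, query separator or string boundary.
TRAVERSAL_RE = re.compile(r'(?:^|[/?=&])\.\.(?:[/\\]|$)')


def normalize(target: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double encoding such as %252e cannot
    hide a traversal sequence, then fold backslashes into forward slashes."""
    decoded = target
    for _ in range(rounds):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    return decoded.replace("\\", "/")


def is_traversal(target: str) -> bool:
    """True when the decoded request target contains a directory traversal segment."""
    return bool(TRAVERSAL_RE.search(normalize(target)))


def find_traversal_attempts(log_text: str) -> list:
    """Return one record per flagged request; unparseable lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if not is_traversal(m["target"]):
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "timestamp": m["ts"],
            "target": m["target"],
            "decoded": normalize(m["target"]),
            "status": status,
            # A 2xx answer means the server served *something* for the traversal path.
            "severity": "high" if 200 <= status < 300 else "medium",
        })
    return hits


def summarize_by_source(hits: list) -> dict:
    """Count flagged requests per client address to surface scanning sources."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    findings = find_traversal_attempts(SAMPLE_LOG)
    for f in findings:
        print(f'{f["severity"]:6} {f["ip"]:10} {f["status"]} {f["decoded"]}')
    print("per-source:", summarize_by_source(findings))
```

The bounded decode loop matters in practice: a single `unquote` turns `%252e%252e%252f` into `%2e%2e%2f`, which contains no literal `..` and would slip past a naive substring check. The same normalization is the minimum a WAF rule deployed under step 4 should perform before matching.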