File Read Vulnerability in VMware vCenter Prior to Version 6.5u1

Small note for users of VMware vCenter before version 6.5u1. If you are using older versions, you should update to 6.5u1. This is because there is a vulnerability that allows files to be read without authentication.


It's a somewhat crude issue that was brought to my attention via Twitter. There is an Unauthenticated Arbitrary File Read vulnerability in VMware vCenter prior to 6.5u1, but no CVE has been assigned.

Unauthenticated Arbitrary File Read in VMware vCenter

Using the password hints in the above tweet, an attacker can gain read access to files. The tweet is quite recent, but I checked the web. This post is two months as and probably describes exactly the same issue published by @ptswarm on Twitter in October 2020. The vulnerability was fixed with the update to 6.5u1.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Virtualization and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.