漏洞描述
该漏洞存在于VMware ESXi产品中的文件系统访问控制机制中。漏洞涉及VMX进程对文件系统的访问控制实现缺陷。当系统处理特定的文件操作请求时,由于权限校验不当,可能导致攻击者绕过现有的安全限制。攻击者需要在VMX进程中具有特定权限才能利用此漏洞。该漏洞的根本原因是文件系统权限检查机制存在设计缺陷。
VMware ESXi 越界写入漏洞
PoC代码
暂无相关漏洞推荐
- CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- POC CVE-2021-21972: VMware vSphere Client (HTML5) - Remote Code Execution
- POC CVE-2021-21973: VMware vSphere - Server-Side Request Forgery
- POC CVE-2021-21978: VMware View Planner <4.6 SP1- Remote Code Execution
- POC CVE-2021-21985: VMware vSphere Client (HTML5) - Remote Code Execution
- POC CVE-2021-22005: VMware vCenter Server - Arbitrary File Upload
- POC CVE-2022-22954: VMware Workspace ONE Access - Server-Side Template Injection
- POC CVE-2022-22972: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass
- POC CVE-2022-31656: VMware - Local File Inclusion
- POC CVE-2023-20864: VMware Aria Operations for Logs - Unauthenticated Remote Code Execution
- POC CVE-2023-20887: VMware VRealize Network Insight - Remote Code Execution
- POC CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- POC CVE-2023-20889: VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability