## https://sploitus.com/exploit?id=SAINT:DAA3E0F3610AF8207260B0CEE1846D8A
Added: 12/12/2022  


### Background

[VMware vCenter Server](<https://www.vmware.com/products/vcenter-server.html>) is server management software for controlling VMware vSphere environments. 

### Problem

Improper permissions on the `java-wrapper-vmon` file allow authenticated, unprivileged attackers to gain root privileges. 
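One way to check a host for this condition is shown below. It is an added example, not SAINT's exploit or VMware's code. The path is the one this page gives under Limitations, the function names are hypothetical, and because the page does not say which permission bits are wrong, the check is generic: it flags any non-root owner, non-root group write, world write or ACL on the file and on each parent directory.

```shell
#!/bin/sh
# Added example: who besides root can modify a file that a root service runs?
# TARGET is the path this page names; the function names are hypothetical.
TARGET=${TARGET:-/usr/lib/vmware-vmon/java-wrapper-vmon}

# classify MODE UID GID: print why a non-root account could modify an object
# with this ls-style mode string and numeric owner/group; print nothing if none.
classify() {
    mode=$1 uid=$2 gid=$3
    [ "$uid" = 0 ] || printf 'owner-uid-%s ' "$uid"
    case $mode in
        d????????[tT]*) ;;  # sticky directory: non-owners cannot replace entries
        *)
            case $mode in
                ?????w*) [ "$gid" = 0 ] || printf 'group-%s-writable ' "$gid" ;;
            esac
            case $mode in ????????w*) printf 'world-writable ' ;; esac ;;
    esac
    # A trailing "+" means an ACL is set, which may grant write access too.
    case $mode in *+) printf 'has-acl ' ;; esac
}

# audit_path PATH: classify PATH and every parent directory, since a writable
# parent lets the file be replaced. Prints "<path>: <reasons>" per finding.
# Returns 0 if anything was flagged, 1 if clean, 2 if a path cannot be read.
audit_path() {
    p=$1 rc=1
    while :; do
        # -L follows symlinks, -n gives numeric ids: "mode links uid gid ..."
        set -- $(ls -ldnL -- "$p" 2>/dev/null)
        [ $# -ge 4 ] || { printf '%s: cannot stat\n' "$p"; return 2; }
        why=$(classify "$1" "$3" "$4")
        [ -z "$why" ] || { printf '%s: %s\n' "$p" "$why"; rc=0; }
        case $p in /|.) break ;; esac
        p=$(dirname "$p")
    done
    return $rc
}

# Run the audit only where the appliance path exists.
if [ -e "$TARGET" ]; then
    audit_path "$TARGET" || echo "$TARGET: no non-root write access found"
fi
```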

### Resolution

Upgrade to vCenter Server 7.0 U2c or higher. 

### References

<https://www.vmware.com/security/advisories/VMSA-2021-0020.html>  


### Limitations

The shell connection will only occur after the `vmware-vmon` service restarts or the target is rebooted. The exploit remains listening for a connectback in the background. 

After a successful exploit, you will need to remove the exploit code from `/usr/lib/vmware-vmon/java-wrapper-vmon`. 

### Platforms

Linux