Hypervisor vulnerabilities
Hypervisor vulnerabilities affect the ability to provide and manage core elements, including CPU, I/O, disk, and memory, to virtual machines hosted on the hypervisor. As with any other software system, vulnerabilities are identified and vendors work toward patching them as quickly as possible before an exploit is found.
Several key vulnerabilities exist at this time, specific to VMware ESXi, including buffer overflow and directory traversal vulnerabilities. The following information is taken from the National Vulnerability Database (http://nvd.nist.gov):
Note
National Cyber Awareness System
Vulnerability summary for CVE-2013-3658
Original release date: 09/10/2013
Last revised: 09/12/2013
Source: US-CERT/NIST
Overview
Directory traversal vulnerability in VMware ESXi 4.0 through 5.0 as well as ESX 4.0 and 4.1 allows remote attackers to delete arbitrary host OS files via unspecified vectors.
Impact
CVSS severity (Version 2.0):
CVSS v2 base score: 9.4 (HIGH) (AV:N/AC:L/Au:N/C:N/I:C/A:C)
Impact subscore: 9.2
Exploitability subscore: 10.0
CVSS Version 2 metrics:
Access vector: Network exploitable
Access complexity: Low
Authentication: Not required to exploit
Impact type: This allows unauthorized modification and the disruption of service
Note that the access vector for both of these vulnerabilities is termed network exploitable, meaning that the vulnerability can be exploited remotely with only network access; the attacker does not need local access to the host to exploit this type of vulnerability. The second vulnerability listed in the National Vulnerability Database (http://nvd.nist.gov) is as follows:
Note
National Cyber Awareness System
Vulnerability summary for CVE-2013-3657
Original release date: 09/10/2013
Last revised: 09/13/2013
Source: US-CERT/NIST
Overview
Buffer overflow in VMware ESXi 4.0 through 5.0 as well as ESX 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
Impact
CVSS severity (Version 2.0):
CVSS v2 base score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Impact subscore: 6.4
Exploitability subscore: 10.0
CVSS Version 2 metrics:
Access vector: Network exploitable
Access complexity: Low
Authentication: Not required to exploit
Impact type: This allows unauthorized disclosure of information, unauthorized modification, and the disruption of service
When attackers find a vulnerability such as this and see that no authentication is required to exploit it and that the access vector is network exploitable, they move it up the list as a potential low-risk, high-value target.
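As an added example (not from the book or from NVD), the following Python recomputes the CVSS v2 base score, impact subscore, and exploitability subscore from the vector strings quoted above, using the metric weights from the CVSS v2 specification, and flags the network-exploitable, no-authentication combination that a defender should patch first. It reproduces the 9.4/9.2/10.0 and 7.5/6.4/10.0 figures shown in the two NVD entries.

```python
# Added example (not from the book or NVD): recompute the CVSS v2 numbers that
# NVD publishes next to a vector string, and flag the AV:N + Au:N combination
# the chapter singles out. Weights are from the CVSS v2 specification.

WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},      # access vector
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},       # access complexity
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},      # authentication
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},       # confidentiality impact
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},       # integrity impact
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},       # availability impact
}

def parse_vector(vector):
    """Turn 'AV:N/AC:L/Au:N/C:N/I:C/A:C' into {'AV': 'N', ...}, rejecting bad metrics."""
    metrics = dict(part.split(":", 1) for part in vector.strip("()").split("/"))
    if set(metrics) != set(WEIGHTS):
        raise ValueError(f"vector must contain exactly the six base metrics: {vector}")
    for name, value in metrics.items():
        if value not in WEIGHTS[name]:
            raise ValueError(f"unknown value {value!r} for metric {name}")
    return metrics

def _round1(x):
    """Round half up to one decimal place, as the CVSS v2 equations specify."""
    return int(x * 10 + 0.5) / 10

def base_scores(vector):
    """Return (base score, impact subscore, exploitability subscore) for a v2 vector."""
    w = {name: WEIGHTS[name][val] for name, val in parse_vector(vector).items()}
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    # f(Impact) is 0 when there is no impact at all, otherwise 1.176
    base = (0.6 * impact + 0.4 * exploitability - 1.5) * (1.176 if impact else 0.0)
    return _round1(base), _round1(impact), _round1(exploitability)

def severity(base):
    """NVD's CVSS v2 severity bands."""
    return "HIGH" if base >= 7.0 else "MEDIUM" if base >= 4.0 else "LOW"

def unauthenticated_remote(vector):
    """True for AV:N with Au:N: reachable over the network with no credentials."""
    m = parse_vector(vector)
    return m["AV"] == "N" and m["Au"] == "N"

if __name__ == "__main__":
    for cve, vec in [("CVE-2013-3658", "AV:N/AC:L/Au:N/C:N/I:C/A:C"),
                     ("CVE-2013-3657", "AV:N/AC:L/Au:N/C:P/I:P/A:P")]:
        print(cve, base_scores(vec), severity(base_scores(vec)[0]),
              "unauthenticated remote" if unauthenticated_remote(vec) else "")
```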
It should be noted that at the time of writing this book, these vulnerabilities were active; however, VMware releases patches on a regular basis and some or all of the example vulnerabilities might have already been remediated.