VMware RabbitMQ – Security Update

Home/Security Update, Software Issues/VMware RabbitMQ – Security Update

VMware RabbitMQ – Security Update

VMware RabbitMQ Arbitrary Code Execution Vulnerability

Short Summary:
A code execution vulnerability was found in VMware RabbitMQ. The vulnerability is caused due to a Windows-specific binary planting security flaw. This vulnerability can be exploited by an authenticated local attacker by sending a specially-crafted request. Successful exploitation can enable an attacker to execute arbitrary code on the system.

Vulnerability Identifier: 

CVE-2020-5419

Vulnerability Problem Type: 

Environment problem

Credibility Level: 

Vendor report

Author: 

Ofir Hamam and Tomer Hadad at Ernst & Youngs Hacktics Advanced Security Center

Platform: 

Windows, Mac, Linux

Vulnerable Platforms:

VMware RabbitMQ All versions prior to v3.7.28
VMware RabbitMQ 3.8.x versions prior to v3.8.7

Non-Vulnerable Platforms:

VMware RabbitMQ v3.7.28
VMware RabbitMQ v3.8.7

Severity Rating: 

High

Base Score :

 7.2

Base Metrics : 

AV:L/AC:L/AU:S/C:C/I:C/A:C

Vulnerability Impact: 

Arbitrary Code Execution

Attack Vector: 

Local

Fix Available: 

Yes

Fix Type: 

Vendor fix

Defense Strategies:

 Communication and Privilege Management

Solution:

 VMware has released security updates regarding this vulnerability.

Reference Title: 

CVE-2020-5419 RabbitMQ arbitrary code execution using local binary planting

Reference Author: 

VMware

Network Ports: 

None

Reference URL: 

https://tanzu.vmware.com/security/cve-2020-5419

By | 2020-09-02T15:20:50+00:00 September 2nd, 2020|Security Update, Software Issues|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment