VMware RabbitMQ Arbitrary Code Execution Vulnerability
A code execution vulnerability was found in VMware RabbitMQ. The vulnerability is caused by a Windows-specific binary planting security flaw. An authenticated local attacker can exploit it by sending a specially crafted request. Successful exploitation allows the attacker to execute arbitrary code on the system.
Vulnerability Problem Type:
Ofir Hamam and Tomer Hadad at Ernst & Young's Hacktics Advanced Security Center
Windows, Mac, Linux
VMware RabbitMQ All versions prior to v3.7.28
VMware RabbitMQ 3.8.x versions prior to v3.8.7
VMware RabbitMQ v3.7.28
VMware RabbitMQ v3.8.7
Base Score :
Base Metrics :
Arbitrary Code Execution
Communication and Privilege Management
VMware has released security updates regarding this vulnerability.
CVE-2020-5419 RabbitMQ arbitrary code execution using local binary planting
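
To triage an inventory against the version ranges listed above, a small checker like the following can be used. This is an added example, not code from VMware or the RabbitMQ project; the host names, the sample versions and the "review" handling of pre-release builds are assumptions.

```python
import re

# Thresholds come from the advisory: all versions prior to 3.7.28, and
# 3.8.x versions prior to 3.8.7. Other release lines are not listed.
FIXED_37 = (3, 7, 28)
FIXED_38 = (3, 8, 7)

# Accepts "3.8.6", "v3.7.27" and a pre-release suffix such as "3.8.7-rc.1".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease); ValueError if unparseable."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised RabbitMQ version: {text!r}")
    major, minor, patch, suffix = match.groups()
    return (int(major), int(minor), int(patch)), suffix is not None


def classify(version_text):
    """Classify one version string against the advisory's affected ranges."""
    try:
        version, prerelease = parse_version(version_text)
    except ValueError:
        return "unknown"
    fixed = FIXED_38 if version[:2] == (3, 8) else FIXED_37
    if version < fixed:
        return "affected"
    if version == fixed and prerelease:
        # Assumption: a pre-release build of a fixed version needs manual review,
        # because the advisory does not say whether it carries the fix.
        return "review"
    return "not listed"


def triage(inventory):
    """Map each host in {host: version_string} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory; host names and versions are illustrative only.
SAMPLE_INVENTORY = {
    "mq-win-01": "3.8.6",
    "mq-win-02": "v3.7.27",
    "mq-win-03": "3.8.7",
    "mq-win-04": "3.8.7-rc.1",
    "mq-win-05": "not-installed",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" or "review" should be checked by hand rather than assumed safe.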