
Hypervisor vulnerabilities

Hypervisor vulnerabilities affect the ability to provide and manage core elements, including CPU, I/O, disk, and memory, to virtual machines hosted on the hypervisor. As with any other software system, vulnerabilities are identified and vendors work toward patching them as quickly as possible before an exploit is found.

Several key vulnerabilities exist at this time, specific to VMware ESXi, including buffer overflow and directory traversal vulnerabilities. The following information is taken from the National Vulnerability Database (http://nvd.nist.gov):

Note

National Cyber Awareness System

Vulnerability summary for CVE-2013-3658

Original release date: 09/10/2013

Last revised: 09/12/2013

Source: US-CERT/NIST

Overview

Directory traversal vulnerability in VMware ESXi 4.0 through 5.0 as well as ESX 4.0 and 4.1 allows remote attackers to delete arbitrary host OS files via unspecified vectors.

Impact

CVSS severity (Version 2.0):

CVSS v2 base score: 9.4 (HIGH) (AV:N/AC:L/Au:N/C:N/I:C/A:C)

Impact subscore: 9.2

Exploitability subscore: 10.0

CVSS Version 2 metrics:

Access vector: Network exploitable

Access complexity: Low

Authentication: Not required to exploit

Impact type: This allows unauthorized modification and the disruption of service

Note that the access vector for both of these vulnerabilities is termed network exploitable, meaning that the vulnerability is remotely exploitable with only network access. The attacker does not need local access to exploit this type of vulnerability. The second vulnerability, as listed in the National Vulnerability Database (http://nvd.nist.gov), is as follows:

Note

National Cyber Awareness System

Vulnerability summary for CVE-2013-3657

Original release date: 09/10/2013

Last revised: 09/13/2013

Source: US-CERT/NIST

Overview

Buffer overflow in VMware ESXi 4.0 through 5.0 as well as ESX 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.

Impact

CVSS severity (Version 2.0):

CVSS v2 base score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact subscore: 6.4

Exploitability subscore: 10.0

CVSS Version 2 metrics:

Access vector: Network exploitable

Access complexity: Low

Authentication: Not required to exploit

Impact type: This allows unauthorized disclosure of information, unauthorized modification, and the disruption of service

When attackers find a vulnerability such as this and see that no authentication is required to exploit and the access vector is network exploitable, they move this up the list as a potential low-risk, high-value target.

It should be noted that at the time of writing this book, these vulnerabilities were active; however, VMware releases patches on a regular basis and some or all of the example vulnerabilities might have already been remediated.
