VMware vRealize Log Insight Unauthenticated Remote Code Execution

VMware vRealize Log Insights versions 8.x contain multiple vulnerabilities, such as directory traversal, broken access control, deserialization, and information disclosure. When chained together, these vulnerabilities allow a remote, unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. This Metasploit module achieves code execution via triggering a RemotePakDownloadCommand command via the exposed thrift service after obtaining the node token by calling a GetConfigRequest thrift command. After the download, it will trigger a PakUpgradeCommand for processing …

access access control attacker broken access control code code execution control deserialization directory directory traversal disclosure information information disclosure insight insights log metasploit operating system remote code remote code execution root system unauthenticated vmware vmware vrealize log vmware vrealize log insight vrealize vrealize log insight vulnerabilities