Unauthenticated Access to Guest Operating Systems via VIX API in VMware vCenter Server

Unauthenticated Access to Guest Operating Systems via VIX API in VMware vCenter Server

CVE-2017-4919 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.

Learn more about our Cis Benchmark Audit For Operating Systems.