VMware ESXi Command Injection Vulnerability

VMware is the market leader in cloud infrastructure software, with over 41% market share. The VMware ESXi solution is a bare metal hypervisor that installs directly onto your physical server and partitions it into multiple virtual machines. The FortiGuard Labs team recently discovered a command injection vulnerability in VMware ESXi. This vulnerability is identified as CVE-2017-16544. This command injection vulnerability is caused by the built-in BusyBox. A local attacker could create or upload a file with a crafted filename, allowing the attacker to execute arbitrary commands using the victim’s permission when the victim tries to access, modify, or delete this file from the terminal. The command injection vulnerability is caused by the add_match function in BusyBox. BusyBox doesn’t sanitize filenames, which can result in executing an escape sequence in the terminal.An attacker could create a PoC file with the vi editor using the following commands: “vi test’ [enter] some_commands_here [enter] ‘ [enter]”, then save the file.