Greetings from the VMware Security Response Center!
Today we released VMSA-2016-0013 which documents a local privilege escalation in vRealize Automation (vRA) and VMware Identity Manager (vIDM) as well as a remote code execution in vRA.
We thought we should go a little more in depth about the vulnerabilities themselves to better explain how they may impact your environment.
The local privilege escalation identified by CVE-2016-5335 affects both vIDM 2.x and vRA 7.x. Because this is a privilege escalation an attacker will need to already have access to a local low-privileged account on the appliance for exploitation to be possible.
The vRA remote code execution identified by CVE-2016-5336 allows for the compromise of a low-privileged account via port 40002. This issue only affects vRA 7.0.x as the vulnerable service was introduced in 7.0. Successful exploitation has limited gains as the service account was designed to use minimal privileges. This is why the issue has been classified as important and not critical.
We want to stress that while both of these issues fall in the important severity range (please see our response policies for more information) when chained together they present the opportunity for a complete compromise of a vRA 7.0.x appliance. We strongly recommend updating to vRA 7.1 as soon as possible. Customers that cannot upgrade vRA immediately can implement the workaround documented in KB2146585 and/or limit access to port 40002 via an external firewall as a mitigation.
As always please drop us a line at email@example.com if you have any questions or comments.