vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on the vCenter Server Appliance.
The vendor's disclosure for this vulnerability can be found here.
This vulnerability requires:
- Ability to run system commands as a misconfigured sudo user or group
More details and the exploitation process can be found in this PDF.