PT-2019-12208 · Cohesity+1 · Cohesity Dataplatform+1

Thorsten Tuellmann

Publicado

2019-07-12

Atualizado

2019-07-17

CVE-2019-11242

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cohesity DataPlatform versions prior to 6.1.1c

Description A man-in-the-middle issue related to vCenter access was discovered. It was found that Cohesity clusters did not verify TLS certificates presented by vCenter, which could expose user credentials configured to access vCenter.

Recommendations For versions prior to 6.1.1c, update to version 6.1.1c or later to resolve the issue. As a temporary workaround, consider restricting access to vCenter to minimize the risk of exploitation.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2019-11242

Produtos afetados

Cohesity Dataplatform

Vcenter

PT-2019-12208 · Cohesity+1 · Cohesity Dataplatform+1

CVE-2019-11242

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3