PT-2006-6651 · Vmware · Vmware Virtualcenter Client
Published: 2006-11-21 · Updated: 2018-10-17 · CVE-2006-5990
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
VMware VirtualCenter client versions 1.4.x through 1.4.1 (before Patch 1, Build 33425)
VMware VirtualCenter client versions 2.x through 2.0.1 (before Patch 1, Build 33643)
Description
The issue allows remote malicious servers to spoof valid servers via a man-in-the-middle attack when server certificate verification is enabled. This occurs because the client does not verify the server's X.509 certificate when creating an SSL session.
Recommendations
For VMware VirtualCenter client versions 1.4.x through 1.4.1 (before Patch 1, Build 33425), apply Patch 1 (Build 33425) to resolve the issue.
For VMware VirtualCenter client versions 2.x through 2.0.1 (before Patch 1, Build 33643), apply Patch 1 (Build 33643) to resolve the issue.
Fix
RCE
Affected Products
Vmware Virtualcenter Client