PT-2014-8495 · VMware · VMware vCenter Server Appliance
Published: 2014-12-04 · Updated: 2018-10-09
CVE-2014-8371
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
VMware vCenter Server Appliance (vCSA) 5.0 before Update 3c
VMware vCenter Server Appliance (vCSA) 5.1 before Update 3
VMware vCenter Server Appliance (vCSA) 5.5 before Update 2
Description
vCSA does not properly validate certificates when connecting to a CIM server on an ESXi host. This allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate, exposing the CIM service connection to a man-in-the-middle attack.
Recommendations
For 5.0 releases before Update 3c, install Update 3c or later.
For 5.1 releases before Update 3, install Update 3 or later.
For 5.5 releases before Update 2, install Update 2 or later.
Affected Products
ESXi
VMware vCenter
VMware vCenter Server Appliance