PT-2019-12208 · Cohesity+1 · Cohesity Dataplatform+1

Thorsten Tuellmann · Published 2019-07-12 · Updated 2019-07-17 · CVE-2019-11242

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cohesity DataPlatform versions prior to 6.1.1c

Description

A man-in-the-middle issue related to vCenter access was discovered. It was found that Cohesity clusters did not verify TLS certificates presented by vCenter, which could expose user credentials configured to access vCenter.

Recommendations

For versions prior to 6.1.1c, update to version 6.1.1c or later to resolve the issue. As a temporary workaround, consider restricting access to vCenter to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2019-11242

Affected Products

Cohesity DataPlatform
vCenter