Detections
Analytics
VMware vCenter Update Manager Multiple Vulnerabilities (VMSA-2012-0013)
critical Nessus Plugin ID 66909
Language:
Synopsis
The remote host has an update manager installed that is affected by multiple vulnerabilities.Description
The version of VMware vCenter Update Manager installed on the remote Windows host is 4.0 earlier than Update 4a, or 4.1 earlier than Update 3. Such versions use a version of the Oracle JRE 1.5 that is affected by multiple vulnerabilities.Solution
Upgrade to vCenter Update Manager 4.0 Update 4a / 4.1 Update 3 or later.See Also
http://www.vmware.com/security/advisories/VMSA-2012-0013.html
http://lists.vmware.com/pipermail/security-announce/2012/000197.html
Plugin Details
Severity: Critical
ID: 66909
File Name: vmware_vcenter_update_mgr_vmsa-2012-0013.nasl
Version: 1.12
Type: local
Agent: windows
Family: Windows
Published: 6/17/2013
Updated: 3/8/2022
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.8
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2012-1725
Vulnerability Information
CPE: cpe:/a:vmware:vcenter_update_manager
Required KB Items: SMB/VMware vCenter Update Manager/Version, SMB/VMware vCenter Update Manager/Build, SMB/VMware vCenter Update Manager/Path
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/30/2012
Vulnerability Publication Date: 6/12/2012
CISA Known Exploited Vulnerability Due Dates: 3/24/2022
Exploitable With
Core Impact
Metasploit (Java Applet Field Bytecode Verifier Cache Remote Code Execution)
Reference Information
CVE: CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1723, CVE-2012-1725
BID: 53946, 53947, 53949, 53950, 53951, 53952, 53954, 53956, 53960
VMSA: 2012-0013