Detections
Analytics
VMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0003)
high Nessus Plugin ID 73595
Language:
Synopsis
The remote host has a virtualization client application installed that is affected by multiple vulnerabilities.Description
The version of vSphere Client installed on the remote Windows host is affected by the following vulnerabilities :- An error exists related to the vSphere Client that could allow an updated vSphere Client to be downloaded from an untrusted source. (CVE-2014-1209)
- An error exists related to the vSphere Client and server certificate validation that could allow an attacker to spoof a vCenter server. Note that this issue only affects vSphere Client versions 5.0 and 5.1.
(CVE-2014-1210)
Solution
Upgrade to vSphere Client 5.0 Update 3 / 5.1 Update 2 or later.In the case of vSphere Client 4.x, refer to the vendor's advisory.
See Also
https://www.vmware.com/security/advisories/VMSA-2014-0003.html
Plugin Details
Severity: High
ID: 73595
File Name: vsphere_client_vmsa_2014-0003.nasl
Version: 1.6
Type: local
Agent: windows
Family: Windows
Published: 4/17/2014
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:vmware:vsphere_client
Required KB Items: SMB/VMware vSphere Client/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 4/10/2014
Vulnerability Publication Date: 4/10/2014
Reference Information
CVE: CVE-2014-1209, CVE-2014-1210
VMSA: 2014-0003