Lucene search

K
cve[email protected]CVE-2014-1209
HistoryApr 11, 2014 - 7:55 p.m.

CVE-2014-1209

2014-04-1119:55:04
CWE-20
web.nvd.nist.gov
30
cve-2014-1209
vmware vsphere
client 4.0
client 4.1
client 5.0
client 5.1
remote code execution
nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.6%

VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.

Affected configurations

NVD
Node
vmwarevsphere_clientMatch4.0
OR
vmwarevsphere_clientMatch4.1
OR
vmwarevsphere_clientMatch5.0
OR
vmwarevsphere_clientMatch5.1

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.6%