History: Feb 01, 2015 - 2:59 a.m.

CVE-2014-4632

2015-02-01 02:59:00
CWE-310
web.nvd.nist.gov
cve-2014-4632
vmware
vsphere
data protection
vdp
emc avamar
ssl
certificate
man-in-the-middle
spoofing
security vulnerability

AI Score: 6.2 Medium (Confidence: Low)

CVSS2: 4.3 Medium

Access Vector: NETWORK (AV:N)
Access Complexity: MEDIUM (AC:M)
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.001 Low (Percentile: 28.5%)

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.

Affected configurations

Source: NVD

Node (any of the following matches):
vmware vsphere_data_protection, version 5.1
OR vmware vsphere_data_protection, version 5.5.1
OR vmware vsphere_data_protection, version 5.5.6
OR vmware vsphere_data_protection, version 5.5.7
OR vmware vsphere_data_protection, version 5.5.8
OR vmware vsphere_data_protection, version 5.8.0
