History: Apr 10, 2014 - 12:00 a.m.

KLA10436 Multiple vulnerabilities in VMware vSphere Client

2014-04-10 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 9.3 High

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 8.1 High (Confidence: Low)

EPSS: 0.01 Low (Percentile: 83.6%)

Multiple critical vulnerabilities have been found in VMware vSphere. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security. Below is a complete list of vulnerabilities:

  1. Improper validation of client file updates can be exploited remotely;
  2. Improper validation of X.509 certificates can be exploited remotely via SSL service spoofing.

Original advisories

VMware bulletin

Related products

VMware-vSphere-Client

CVE list

CVE-2014-1210 high

CVE-2014-1209 critical

Solution

Update vSphere Client to a safe version. Use one of these links or go to the VMware bulletin for instructions.

vCenter Server 5.0 update

vCenter Server 5.1 update

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can let an attacker execute any code or commands on the vulnerable machine or process.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • VMware vSphere Client 4 versions 4.0, 4.1
  • VMware vSphere Client 5 versions 5.0, 5.1
