Lucene search

PRIOn knowledge basePRION:CVE-2011-1789

HistoryMay 09, 2011 - 10:55 p.m.

Code injection

2011-05-0922:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

41.6%

JSON

The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer.

CPENameOperatorVersion
esxeq4.1
esxeq4.0
esxieq4.1
esxieq4.0
vcentereq4.0 update-1
vcentereq4.1
vcentereq4.0
vcentereq4.0 update-2

Name	Operator	Version
esx	eq	4.1
esx	eq	4.0
esxi	eq	4.1
esxi	eq	4.0
vcenter	eq	4.0 update-1
vcenter	eq	4.1
vcenter	eq	4.0
vcenter	eq	4.0 update-2

References

lists.vmware.com/pipermail/security-announce/2011/000137.html

securitytracker.com/id?1025502

www.vmware.com/security/advisories/VMSA-2011-0008.html

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

41.6%

JSON

Related for PRION:CVE-2011-1789