VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues

2014-01-1600:00:00

www.vmware.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.6%

JSON

a. VMware ESXi and ESX NFC NULL pointer dereference

VMware ESXi and ESX contain a NULL pointer dereference in the handling of the Network File Copy (NFC) traffic. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between ESXi/ESX and the client. Exploitation of the issue may lead to a Denial of Service.To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. VMware would like to thank Alex Chapman of Context Information Security for reporting this issue to us.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1207 to this issue.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

CPENameOperatorVersion
esxiltESXi510-201401101-SG
esxiltESXi500-201310101-SG
esxiltESXi410-201312401-SG
esxiltESXi400-201310401-SG
esxltESX410-201312401-SG
workstationlt9.0.1
playerlt5.0.1
fusionlt5.0.1
vcloud directorlt5.1.3

Name	Operator	Version
esxi	lt	ESXi510-201401101-SG
esxi	lt	ESXi500-201310101-SG
esxi	lt	ESXi410-201312401-SG
esxi	lt	ESXi400-201310401-SG
esx	lt	ESX410-201312401-SG
workstation	lt	9.0.1
player	lt	5.0.1
fusion	lt	5.0.1
vcloud director	lt	5.1.3