This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote VMware ESXi / ESX host is missing a security-related patch.
a. vSphere Client Insecure Client Download
vSphere Client contains a vulnerability in accepting an updated
vSphere Client file from an untrusted source. The vulnerability may
allow a host to direct vSphere Client to download and execute an
arbitrary file from any URI. This issue can be exploited if
the host has been compromised or if a user has been tricked
into clicking a malicious link.
VMware would like to thank Recurity Labs GmbH and the Bundesamt
in der Informationstechnik (BSI) for reporting this issue to us
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2014-1209 to this issue.
See also :
Apply the missing patch.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Family: VMware ESX Local Security Checks
Nessus Plugin ID: 73469 ()
Bugtraq ID: 6677266773
CVE ID: CVE-2014-1209CVE-2014-1210
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.