Detections
Analytics

VMSA-2014-0003 : VMware vSphere Client updates address security vulnerabilities

high Nessus Plugin ID 73469

Language:

Synopsis

The remote VMware ESXi / ESX host is missing a security-related patch.

Description

a. vSphere Client Insecure Client Download

 vSphere Client contains a vulnerability in accepting an updated vSphere Client file from an untrusted source. The vulnerability may allow a host to direct vSphere Client to download and execute an arbitrary file from any URI. This issue can be exploited if the host has been compromised or if a user has been tricked into clicking a malicious link.

 VMware would like to thank Recurity Labs GmbH and the Bundesamt Sicherheit in der Informationstechnik (BSI) for reporting this issue to us

 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1209 to this issue.

Solution

Apply the missing patch.

See Also

http://lists.vmware.com/pipermail/security-announce/2014/000236.html

Plugin Details

Severity: High

ID: 73469

File Name: vmware_VMSA-2014-0003.nasl

Version: 1.12

Type: local

Published: 4/11/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:vmware:esx:4.0, cpe:/o:vmware:esx:4.1, cpe:/o:vmware:esxi:4.0, cpe:/o:vmware:esxi:4.1

Required KB Items: Host/local_checks_enabled, Host/VMware/release, Host/VMware/version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/10/2014

Reference Information

CVE: CVE-2014-1209, CVE-2014-1210

BID: 66772, 66773

VMSA: 2014-0003