VMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0003)
High Nessus Plugin ID 73595
SynopsisThe remote host has a virtualization client application installed that is affected by multiple vulnerabilities.
DescriptionThe version of vSphere Client installed on the remote Windows host is affected by the following vulnerabilities :
- An error exists related to the vSphere Client that could allow an updated vSphere Client to be downloaded from an untrusted source. (CVE-2014-1209)
- An error exists related to the vSphere Client and server certificate validation that could allow an attacker to spoof a vCenter server. Note that this issue only affects vSphere Client versions 5.0 and 5.1.
SolutionUpgrade to vSphere Client 5.0 Update 3 / 5.1 Update 2 or later.
In the case of vSphere Client 4.x, refer to the vendor's advisory.