VMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0003)

High Nessus Plugin ID 73595


The remote host has a virtualization client application installed that is affected by multiple vulnerabilities.


The version of vSphere Client installed on the remote Windows host is affected by the following vulnerabilities :

- An error exists related to the vSphere Client that could allow an updated vSphere Client to be downloaded from an untrusted source. (CVE-2014-1209)

- An error exists related to the vSphere Client and server certificate validation that could allow an attacker to spoof a vCenter server. Note that this issue only affects vSphere Client versions 5.0 and 5.1.


Upgrade to vSphere Client 5.0 Update 3 / 5.1 Update 2 or later.

In the case of vSphere Client 4.x, refer to the vendor's advisory.

See Also


Plugin Details

Severity: High

ID: 73595

File Name: vsphere_client_vmsa_2014-0003.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2014/04/17

Modified: 2014/08/07

Dependencies: 64558

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:vmware:vsphere_client

Required KB Items: SMB/VMware vSphere Client/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/04/10

Vulnerability Publication Date: 2014/04/10

Reference Information

CVE: CVE-2014-1209, CVE-2014-1210

BID: 66772, 66773

OSVDB: 105726, 105727

VMSA: 2014-0003