VMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0003)

high Nessus Plugin ID 73595

Synopsis

The remote host has a virtualization client application installed that is affected by multiple vulnerabilities.

Description

The version of vSphere Client installed on the remote Windows host is affected by the following vulnerabilities:

- An error exists related to the vSphere Client that could allow an updated vSphere Client to be downloaded from an untrusted source. (CVE-2014-1209)

- An error exists related to the vSphere Client and server certificate validation that could allow an attacker to spoof a vCenter server. Note that this issue only affects vSphere Client versions 5.0 and 5.1. (CVE-2014-1210)

Solution

Upgrade to vSphere Client 5.0 Update 3 / 5.1 Update 2 or later.

In the case of vSphere Client 4.x, refer to the vendor's advisory.

See Also

https://www.vmware.com/security/advisories/VMSA-2014-0003.html

Plugin Details

Severity: High

ID: 73595

File Name: vsphere_client_vmsa_2014-0003.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 4/17/2014

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:vmware:vsphere_client

Required KB Items: SMB/VMware vSphere Client/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 4/10/2014

Vulnerability Publication Date: 4/10/2014

Reference Information

CVE: CVE-2014-1209, CVE-2014-1210

BID: 66772, 66773

VMSA: 2014-0003