Detections
Analytics
VMware vSphere Data Protection Certificate Validation (VMSA-2015-0002)
medium Nessus Plugin ID 81315
Language:
Synopsis
The remote host has a virtualization appliance installed that is affected by a certificate validation vulnerability.Description
The version of VMware vSphere Data Protection installed on the remote host is 5.1.x / 5.5.x prior to 5.5.9, or 5.8.x prior to 5.8.1. It is, therefore, affected by a certificate validation vulnerability that allows man-in-the-middle (MitM) attacks.Solution
Upgrade to VMware vSphere Data Protection 5.5.9 / 5.8.1 or later.See Also
https://www.vmware.com/security/advisories/VMSA-2015-0002.html
https://seclists.org/bugtraq/2015/Jan/att-159/ESA-2015-006.txt
Plugin Details
Severity: Medium
ID: 81315
File Name: vmware_vsphere_data_protection_vmsa-2015-0002.nasl
Version: 1.10
Type: local
Family: Misc.
Published: 2/12/2015
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.7
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:vmware:vsphere_data_protection
Required KB Items: Host/vSphere Data Protection/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 1/29/2015
Vulnerability Publication Date: 1/29/2015
Reference Information
CVE: CVE-2014-4632
BID: 72367
VMSA: 2015-0002