Vulnerabilities > CVE-2014-1207 - Denial of Service vulnerability in VMware ESX and ESXi

CVSS v2 base score 4.3 - MEDIUM (vector AV:N/AC:M/Au:N/C:N/I:N/A:P)
Attack vector
NETWORK
Attack complexity
MEDIUM
Authentication required (CVSS v2 "Au")
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic. Exploitation requires the attacker to be positioned to intercept and alter NFC traffic between the ESX/ESXi host and the client (an on-path / man-in-the-middle position); this is why VMware's advisory recommends deploying vSphere components on an isolated management network. Hosts are considered patched at or above the following builds (as checked by the Nessus plugin below): ESX/ESXi 4.0 build 1335992, ESX/ESXi 4.1 build 1363503, ESXi 5.0 build 1311175 (or the security-only build 1311177), ESXi 5.1 build 1483097. Weakness classification: CWE-476 "NULL Pointer Dereference" (http://cwe.mitre.org/data/definitions/476.html).

Vulnerable Configurations

Part Description Count
OS
Vmware
14

Nessus

  • NASL familyMisc.
    NASL idVMWARE_VMSA-2014-0001_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists due to a NULL pointer dereference flaw when handling Network File Copy (NFC) traffic. An unauthenticated, remote attacker who can intercept and modify the traffic between the ESX / ESXi host and the client can exploit this to crash the service. (CVE-2014-1207) - A flaw exists due to improper handling of invalid ports. An unauthenticated attacker on an adjacent network can exploit this to cause VMX processing to fail, resulting in a partial denial of service. (CVE-2014-1208)
    last seen2020-06-01
    modified2020-06-02
    plugin id87673
    published2015-12-30
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/87673
    titleVMware ESX / ESXi Multiple DoS (VMSA-2014-0001)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
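    if (description)
    {
      script_id(87673);
      script_version("1.4");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      # Both CVEs come from the same VMware advisory (VMSA-2014-0001) and
      # share one fixed-build table, so they are reported by a single plugin.
      script_cve_id(
        "CVE-2014-1207",
        "CVE-2014-1208"
      );
      script_bugtraq_id(
        64994,
        64995
      );
      script_xref(name:"VMSA", value:"2014-0001");
    
      script_name(english:"VMware ESX / ESXi Multiple DoS (VMSA-2014-0001)");
      script_summary(english:"Checks the version and build numbers of the remote host.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.");
      # CVE-2014-1207 is only reachable by an attacker who can intercept and
      # modify NFC traffic between host and client (on-path position); the
      # description below states that precondition so the finding is not read
      # as a plain unauthenticated remote crash.
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX / ESXi host is affected by multiple denial of
    service vulnerabilities :
    
        - A denial of service vulnerability exists due to a NULL
          pointer dereference flaw when handling Network File Copy
          (NFC) traffic. An unauthenticated, remote attacker can
          exploit this by intercepting and modifying the traffic
          between the ESX / ESXi host and the client.
          (CVE-2014-1207)
    
        - A flaw exists due to improper handling of invalid
          ports. An unauthenticated attacker on an adjacent
          network can exploit this to cause VMX processing to
          fail, resulting in a partial denial of service.
          (CVE-2014-1208)");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2014-0001");
      script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2014/000231.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESX version 4.0 / 4.1 and ESXi version 4.0 / 4.1 / 5.0 /
    5.1.");
      # AC:M reflects the interception requirement; only availability is
      # affected (A:P), so the base score stays at 4.3.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/30");
    
      # One CPE per product/version the advisory lists as affected; ESXi 5.5
      # and later are deliberately absent.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
    
      # The version/release KB keys are populated by the vSphere detection
      # plugin; the vsphere port key is required so the warning can be
      # attached to the management port rather than port 0.
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }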
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
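    ver = get_kb_item_or_exit("Host/VMware/version");
    rel = get_kb_item_or_exit("Host/VMware/release");
    port = get_kb_item_or_exit("Host/VMware/vsphere");
    esx = '';
    
    # Only ESX / ESXi releases are covered by VMSA-2014-0001.
    if ("ESX" >!< rel)
      audit(AUDIT_OS_NOT, "VMware ESX/ESXi");
    
    # Split "ESX 4.1 ..." / "ESXi 5.1 ..." into the product name and the
    # major.minor version.  [0-9] is used instead of \d so this pattern uses
    # the same character class as the build regex below and stays within
    # plain POSIX ERE syntax.  audit() exits, so no else branch is needed.
    extract = eregmatch(pattern:"^(ESXi?) ([0-9]\.[0-9]).*$", string:ver);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
    esx = extract[1];
    ver = extract[2];
    
    # Fixed build numbers are the same for ESX and ESXi.  For 5.0 there is
    # also a separate "security only" patch build, tracked in sec_fixes so
    # it can be shown in the report alongside the full update build.
    fixes = make_array(
              "4.0", "1335992",
              "4.1", "1363503",
              "5.0", "1311175", #1311177 is "security only"
              "5.1", "1483097"
            );
    
    sec_fixes = make_array(
                  "5.0", "1311177"
                 );
    
    # Lookups yield NULL when the version has no entry.
    fix = fixes[ver];
    sec_fix = sec_fixes[ver];
    
    # get the build before checking the fix for the most complete audit trail
    extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);
    
    build = int(extract[1]);
    
    # A version with no entry in the table is not in the advisory's affected
    # list; report it as not vulnerable with the same label used below.
    if (isnull(fix))
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    
    # Compare as integers so the outcome cannot depend on how an int is
    # ordered against a numeric string; the string form of fix is kept for
    # the report text.
    if (build < int(fix))
    {
      if (!isnull(sec_fix))
        fix = fix + " / " + sec_fix;
    
      if (report_verbosity > 0)
      {
        report = '\n  Version         : ' + esx + " " + ver +
                 '\n  Installed build : ' + build +
                 '\n  Fixed build     : ' + fix +
                 '\n';
        security_warning(port:port, extra:report);
      }
      else
        security_warning(port:port);
    
      exit(0);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);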
    
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_0_BUILD_1311177_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.0 host is affected by the following security vulnerabilities : - Multiple errors exist related to OpenSSL that could allow information disclosure or denial of service attacks. (CVE-2013-0166, CVE-2013-0169) - An error exists in the libxml2 library related to the expansion of XML internal entities. An attacker can exploit this to cause a denial of service. (CVE-2013-0338) - An unspecified error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id70879
    published2013-11-13
    reporterThis script is (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70879
    titleESXi 5.0 < Build 1311175 Multiple Vulnerabilities (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70879);
      script_version("1.23");
      script_cvs_date("Date: 2019/11/27");
    
      # This is a cumulative build check: every CVE fixed at or before ESXi
      # 5.0 build 1311175 is listed, spanning four VMware advisories.
      script_cve_id(
        "CVE-2013-0166",
        "CVE-2013-0169",
        "CVE-2013-0338",
        "CVE-2013-5970",
        "CVE-2013-5973",
        "CVE-2014-1207",
        "CVE-2014-1208"
      );
      script_bugtraq_id(
        57778,
        58180,
        60268,
        63216,
        64491,
        64994,
        64995
      );
      script_xref(name:"VMSA", value:"2013-0009");
      script_xref(name:"VMSA", value:"2013-0012");
      script_xref(name:"VMSA", value:"2013-0016");
      script_xref(name:"VMSA", value:"2014-0001");
    
      script_name(english:"ESXi 5.0 < Build 1311175 Multiple Vulnerabilities (remote check)");
      script_summary(english:"Checks ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESXi 5.0 host is affected by multiple security
    vulnerabilities.");
      # Note the differing preconditions per item: CVE-2014-1207 needs an
      # attacker able to intercept and modify NFC traffic, CVE-2014-1208 and
      # CVE-2013-5973 need a guest user / a user with a specific privilege.
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESXi 5.0 host is affected by the following security
    vulnerabilities :
    
      - Multiple errors exist related to OpenSSL that could
        allow information disclosure or denial of service
        attacks. (CVE-2013-0166, CVE-2013-0169)
    
      - An error exists in the libxml2 library related to the
        expansion of XML internal entities. An attacker can
        exploit this to cause a denial of service. (CVE-2013-0338)
    
      - An unspecified error exists related to 'hostd-vmdb'. An
        attacker can exploit this to cause a denial of service.
        (CVE-2013-5970)
    
      - An error exists in the handling of certain Virtual
        Machine file descriptors. This may allow an unprivileged
        user with the 'Add Existing Disk' privilege to obtain
        read and write access to arbitrary files, possibly
        leading to arbitrary code execution after a host reboot.
        (CVE-2013-5973)
    
      - A NULL pointer dereference flaw exists in the handling
        of Network File Copy (NFC) traffic. This issue may lead
        to a denial of service if an attacker intercepts and
        modifies the NFC traffic. (CVE-2014-1207)
    
      - A denial of service vulnerability exists in the handling
        of invalid ports that could allow a guest user to crash
        the VMX process. (CVE-2014-1208)");
      # https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=2055559
      # The nessus.org short link below resolves to the VMware KB article above.
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?07980398");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0009.html");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0012.html");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0016.html");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2014-0001.html");
      script_set_attribute(attribute:"solution", value:
    "Apply patch ESXi500-201310101-SG, ESXi500-201310201-UG, or
    ESXi500-Update03.");
      # The CVSS vector is taken from the most severe bundled issue,
      # CVE-2013-5973 (local, C/I/A partial), not from the NFC DoS
      # (CVE-2014-1207), whose own vector is AV:N/AC:M/Au:N/C:N/I:N/A:P.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5973");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/10/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/13");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is (C) 2013-2019 Tenable Network Security, Inc.");
    
      # Version and release strings come from the vSphere detection plugin.
      # No vsphere port key is required here, so findings are reported on
      # port 0.
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
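    ver = get_kb_item_or_exit("Host/VMware/version");
    rel = get_kb_item_or_exit("Host/VMware/release");
    
    # This plugin is specific to ESXi 5.0; other products and versions are
    # covered by their own build checks.
    if ("ESXi" >!< rel) audit(AUDIT_OS_NOT, "ESXi");
    if ("VMware ESXi 5.0" >!< rel) audit(AUDIT_OS_NOT, "ESXi 5.0");
    
    # The build number is the only signal that the patch bundle is installed.
    # Use the shared audit helper (rather than a bare exit) when it cannot be
    # parsed so the result is recorded the same way as in the other
    # ESX/ESXi build-check plugins.
    match = eregmatch(pattern:'^VMware ESXi.*build-([0-9]+)$', string:rel);
    if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, "VMware ESXi", "5.0");
    
    build = int(match[1]);
    # Build threshold for the October 2013 patch bundle listed in the
    # solution (presumably the -UG / Update03 build; verify against the
    # VMware KB).  The 5.0 "security only" build 1311177 is higher and
    # therefore also passes this comparison.
    fixed_build = 1311175;
    
    if (build < fixed_build)
    {
      if (report_verbosity > 0)
      {
        report = '\n  ESXi version    : ' + ver +
                 '\n  Installed build : ' + build +
                 '\n  Fixed build     : ' + fixed_build +
                 '\n';
        security_warning(port:0, extra:report);
      }
      else security_warning(port:0);
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "VMware ESXi", "5.0", build);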
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2014-0001.NASL
    descriptiona. VMware ESXi and ESX NFC NULL pointer dereference. VMware ESXi and ESX contain a NULL pointer dereference in the handling of Network File Copy (NFC) traffic. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between ESXi/ESX and the client. Exploitation of the issue may lead to a denial of service. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. VMware would like to thank Alex Chapman of Context Information Security for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1207 to this issue. b. VMware VMX process denial of service vulnerability. Due to a flaw in the handling of invalid ports, it is possible to cause the VMX process to fail. This vulnerability may allow a guest user to affect the VMX process, resulting in a partial denial of service on the host. VMware would like to thank Recurity Labs GmbH and the Bundesamt Sicherheit in der Informationstechnik (BSI) for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1208 to this issue. c. VMware vCloud Director Cross-Site Request Forgery (CSRF). VMware vCloud Director contains a vulnerability in its HTTP session management. An attacker may trick an authenticated user into clicking a malicious link, which results in the user being logged out; the user is able to immediately log back into the system. VMware would like to thank Mattia Folador for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1211 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id72006
    published2014-01-17
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72006
    titleVMSA-2014-0001 : VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_1_BUILD_1483097_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.1 host is affected by the following vulnerabilities : - A denial of service vulnerability exists in the bundled OpenSSL library that is triggered when handling OCSP response verification. A remote attacker can exploit this to crash the program. (CVE-2013-0166) - An error exists related to the SSL/TLS/DTLS protocols, CBC mode encryption and response time. An attacker can obtain plaintext contents of encrypted traffic via timing attacks. (CVE-2013-0169) - An error exists in the libxml2 library related to the expansion of XML internal entities that could allow denial of service attacks. (CVE-2013-0338) - A NULL pointer dereference flaw exists in the handling of Network File Copy (NFC) traffic. An attacker can exploit this by intercepting and modifying NFC traffic, to cause a denial of service condition. (CVE-2014-1207) - A denial of service vulnerability exists in the handling of invalid ports that could allow a guest user to crash the VMX process. (CVE-2014-1208)
    last seen2020-06-01
    modified2020-06-02
    plugin id72037
    published2014-01-20
    reporterThis script is (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72037
    titleESXi 5.1 < Build 1483097 Multiple Vulnerabilities (remote check)