Vulnerabilities > CVE-2014-1210 - Cryptographic Issues vulnerability in VMWare Vsphere Client 5.0/5.1

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
vmware
CWE-310
nessus

Summary

VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

Vulnerable Configurations

Part Description Count
Application
Vmware
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2014-0003.NASL
    description: a. vSphere Client Insecure Client Download. vSphere Client contains a vulnerability in accepting an updated vSphere Client file from an untrusted source. The vulnerability may allow a host to direct vSphere Client to download and execute an arbitrary file from any URI. This issue can be exploited if the host has been compromised or if a user has been tricked into clicking a malicious link. VMware would like to thank Recurity Labs GmbH and the Bundesamt Sicherheit in der Informationstechnik (BSI) for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-1209 to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73469
    published: 2014-04-11
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73469
    title: VMSA-2014-0003 : VMware vSphere Client updates address security vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2014-0003. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    # Plugin registration branch: records the plugin's metadata and exits
    # before the host check further down in the script runs.
    if (description)
    {
      script_id(73469);
      script_version("1.11");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      # NOTE(review): both advisory CVEs are registered here, but the
      # description text below covers CVE-2014-1209 only; the certificate
      # validation issue (CVE-2014-1210) is not described in this plugin.
      script_cve_id("CVE-2014-1209", "CVE-2014-1210");
      script_bugtraq_id(66772, 66773);
      script_xref(name:"VMSA", value:"2014-0003");
    
      script_name(english:"VMSA-2014-0003 : VMware vSphere Client updates address security vulnerabilities");
      script_summary(english:"Checks esxupdate output for the patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote VMware ESXi / ESX host is missing a security-related patch."
      );
      # Advisory text kept verbatim; the line break before "Sicherheit" is
      # in the original string and is intentionally left untouched.
      script_set_attribute(
        attribute:"description", 
        value:
    "a. vSphere Client Insecure Client Download
    
       vSphere Client contains a vulnerability in accepting an updated 
       vSphere Client file from an untrusted source. The vulnerability may 
       allow a host to direct vSphere Client to download and execute an 
       arbitrary file from any URI. This issue can be exploited if 
       the host has been compromised or if a user has been tricked 
       into clicking a malicious link.
    
       VMware would like to thank Recurity Labs GmbH and the Bundesamt
    Sicherheit
       in der Informationstechnik (BSI) for reporting this issue to us
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org) has
       assigned the name CVE-2014-1209 to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2014/000236.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patch.");
      # NOTE(review): this base vector (C:C/I:C/A:C) is higher than the
      # CVE-2014-1210 metrics shown on this page (C:P/I:P/A:N); it presumably
      # scores the more severe CVE-2014-1209 -- confirm against the advisory.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Host-side (local) check scoped to ESX/ESXi 4.x only; the Windows-side
      # vSphere Client check is a separate plugin
      # (VSPHERE_CLIENT_VMSA_2014-0003.NASL, plugin id 73595).
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      # Needs the SSH-collected host facts plus at least one package inventory
      # source (esxupdate output or the esxcli VIB list); the check below
      # accepts either one.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    # Preconditions: local checks enabled, the target identified as an ESX/ESXi
    # host, and at least one package inventory (esxcli VIB list or esxupdate
    # output) present in the KB.  Each audit() call ends the plugin run, so
    # the patch checks below only execute when all three hold.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !(get_kb_item("Host/VMware/esxcli_software_vibs") ||
        get_kb_item("Host/VMware/esxupdate"))
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2014-04-10");
    
    # Release / patch-bulletin pairs from VMSA-2014-0003, stored flat as
    # (version, bulletin) and walked in the same order as the advisory so the
    # report output is unchanged.
    # NOTE(review): the ESXi 4.0 bulletin id (201402402) does not follow the
    # 201404401 pattern of its siblings -- confirm against the advisory.
    checks = make_list(
      "ESX 4.0",  "ESX400-201404401-SG",
      "ESX 4.1",  "ESX410-201404401-SG",
      "ESXi 4.0", "ESXi400-201402402-SG",
      "ESXi 4.1", "ESXi410-201404401-SG"
    );
    
    # Count how many of the listed bulletins esx_check() reports as missing.
    missing = 0;
    for (i = 0; i < max_index(checks); i += 2)
    {
      if (esx_check(ver:checks[i], patch:checks[i+1])) missing++;
    }
    
    if (missing)
    {
      # Verbose scans attach the per-patch details collected by esx_check().
      if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
      else security_hole(port:0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Windows
    NASL id: VSPHERE_CLIENT_VMSA_2014-0003.NASL
    description: The version of vSphere Client installed on the remote Windows host is affected by the following vulnerabilities: - An error exists related to the vSphere Client that could allow an updated vSphere Client to be downloaded from an untrusted source. (CVE-2014-1209) - An error exists related to the vSphere Client and server certificate validation that could allow an attacker to spoof a vCenter server. Note that this issue only affects vSphere Client versions 5.0 and 5.1. (CVE-2014-1210)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73595
    published: 2014-04-17
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73595
    title: VMware vSphere Client Multiple Vulnerabilities (VMSA-2014-0003)