Vulnerabilities > CVE-2014-4632 - Cryptographic Issues vulnerability in VMWare Vsphere Data Protection

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

vmware

CWE-310

nessus

NVD

Published: 2015-02-01

Updated: 2024-11-21

Summary

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Vsphere Data Protection 5.5.7 Vmware Vsphere Data Protection 5.5.6 Vmware Vsphere Data Protection 5.1 Vmware Vsphere Data Protection 5.5.1 Vmware Vsphere Data Protection 5.5.8 Vmware Vsphere Data Protection 5.8.0	6

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family	Misc.
NASL id	VMWARE_VSPHERE_DATA_PROTECTION_VMSA-2015-0002.NASL
description	The version of VMware vSphere Data Protection installed on the remote host is 5.1.x / 5.5.x prior to 5.5.9, or 5.8.x prior to 5.8.1. It is, therefore, affected by a certificate validation vulnerability that allows man-in-the-middle (MitM) attacks.
last seen	2020-06-01
modified	2020-06-02
plugin id	81315
published	2015-02-12
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/81315
title	VMware vSphere Data Protection Certificate Validation (VMSA-2015-0002)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(81315); script_version("1.10"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2014-4632"); script_bugtraq_id(72367); script_xref(name:"VMSA", value:"2015-0002"); script_name(english:"VMware vSphere Data Protection Certificate Validation (VMSA-2015-0002)"); script_summary(english:"Checks the version of VMware vSphere Data Protection."); script_set_attribute(attribute:"synopsis", value: "The remote host has a virtualization appliance installed that is affected by a certificate validation vulnerability."); script_set_attribute(attribute:"description", value: "The version of VMware vSphere Data Protection installed on the remote host is 5.1.x / 5.5.x prior to 5.5.9, or 5.8.x prior to 5.8.1. It is, therefore, affected by a certificate validation vulnerability that allows man-in-the-middle (MitM) attacks."); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2015-0002.html"); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2015/Jan/att-159/ESA-2015-006.txt"); script_set_attribute(attribute:"solution", value:"Upgrade to VMware vSphere Data Protection 5.5.9 / 5.8.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/29"); script_set_attribute(attribute:"patch_publication_date", value:"2015/01/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vsphere_data_protection"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/vSphere Data Protection/Version"); script_require_ports("Services/ssh", 22); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); app_name = "vSphere Data Protection"; version = get_kb_item_or_exit("Host/vSphere Data Protection/Version"); fix = NULL; if (version =~ "^5(\.[58])?$") audit(AUDIT_VER_NOT_GRANULAR, app_name, version); if (version =~ "^5\.1($\|[0-9])") { fix = "5.2.0"; # not a real fix report_fix = "5.5.9 / 5.8.1"; } else if (version =~ "^5\.5\.") { fix = "5.5.9"; report_fix = fix; } else if (version =~ "^5\.8\.") { fix = "5.8.1"; report_fix = fix; } else audit(AUDIT_NOT_INST, app_name +" 5.1.x / 5.5.x / 5.8.x"); if (ver_compare(ver:version, fix:fix, strict:FALSE) == -1) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : ' + report_fix + '\n'; security_warning(port:0, extra:report); } else security_warning(0); exit(0); } else audit(AUDIT_INST_VER_NOT_VULN, app_name, version);

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References