Cryptographic issues in VMware, vCenter Server Appliance
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2014-8371 |
| CWE-ID | CWE-310 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
vCenter Server Appliance Client/Desktop applications / Virtualization software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Cryptographic issues
EUVDB-ID: #VU41033
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-8371
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate.
MitigationInstall update from vendor's website.
Vulnerable software versionsvCenter Server Appliance: 5.0 - 5.5
CPE2.3- cpe:2.3:a:vmware:vcenter_server_appliance:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server_appliance:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server_appliance:5.5:*:*:*:*:*:*:*
https://seclists.org/fulldisclosure/2014/Dec/23
https://www.securityfocus.com/archive/1/534161/100/0/threaded
https://www.vmware.com/security/advisories/VMSA-2014-0012.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
