#VU41033 Cryptographic issues in vCenter Server Appliance - CVE-2014-8371


Updated: 2020-08-09

Vulnerability identifier: #VU41033

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2014-8371

CWE-ID: CWE-310

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
vCenter Server Appliance
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate.
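The flaw described above is a TLS client that encrypts the connection to the CIM server but never authenticates who is on the other end, so an on-path party presenting any certificate is accepted. The following added example (written for this page, not VMware or vCSA code) shows, in Python's ssl module, the unverified client configuration next to a hardened one, together with a reference implementation of the server-identity check that a correct client performs after chain validation. The hostnames, SAN entries and CA bundle path are constructed placeholders.

```python
"""Reference checks for a TLS client talking to an ESXi CIM server.

Added example (not VMware code). Hostnames, SAN entries and the CA path are
constructed placeholders.
"""
import ipaddress
import ssl
from typing import Optional

# Constructed stand-in for what ssl.SSLSocket.getpeercert() returns for the
# ESXi host's certificate; the names are placeholders, not real hosts.
ESXI_HOST_CERT = {
    "subject": ((("commonName", "esxi01.lab.example"),),),
    "subjectAltName": (
        ("DNS", "esxi01.lab.example"),
        ("DNS", "*.lab.example"),
        ("IP Address", "192.0.2.10"),
    ),
}


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: case-insensitive; a wildcard is only accepted as
    the whole left-most label, covers exactly one label, and must leave at
    least two fixed labels so it cannot cover a whole second-level domain."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if "*" not in pattern:
        return p_labels == h_labels
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in l for l in p_labels[1:]):
        return False
    return p_labels[1:] == h_labels[1:]


def peer_identity_matches(cert: dict, expected_host: str) -> bool:
    """Check that the certificate names the host we intended to reach.

    A correct client does this after verifying the chain; a client that skips
    it (or skips chain validation, the flaw in this advisory) accepts any
    certificate an on-path party presents.
    """
    san = cert.get("subjectAltName", ())
    if _is_ip_literal(expected_host):
        want = ipaddress.ip_address(expected_host)
        return any(kind == "IP Address" and ipaddress.ip_address(val) == want
                   for kind, val in san)
    dns_names = [val for kind, val in san if kind == "DNS"]
    if not dns_names:
        # Fall back to the CN only when the certificate has no dNSName SAN.
        dns_names = [val for rdn in cert.get("subject", ())
                     for key, val in rdn if key == "commonName"]
    return any(_dns_name_matches(name, expected_host) for name in dns_names)


def cim_client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Hardened client context: chain validation against a CA bundle
    (ca_bundle is an assumed path; None means the system store) plus hostname
    checking, which the ssl module performs during the handshake."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def unverified_client_context() -> ssl.SSLContext:
    """The weak pattern: the session is encrypted but the peer is never
    authenticated, so a spoofed CIM server is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_authenticates_peer(ctx: ssl.SSLContext) -> bool:
    """Audit helper: does this context reject untrusted or misnamed peers?"""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


if __name__ == "__main__":
    for host in ("esxi01.lab.example", "esxi02.lab.example", "192.0.2.10",
                 "deep.sub.lab.example", "attacker.example"):
        print(f"{host:>22}: {peer_identity_matches(ESXI_HOST_CERT, host)}")
    print("hardened context authenticates peer:",
          context_authenticates_peer(cim_client_context()))
    print("unverified context authenticates peer:",
          context_authenticates_peer(unverified_client_context()))
```

In a real client the hostname check is done by the ssl module itself once `check_hostname` is set; `peer_identity_matches` is there to make that step visible and to audit certificates recorded from `getpeercert()`. `context_authenticates_peer` is the one-line property a code review or unit test should assert on any outbound TLS client.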

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

vCenter Server Appliance: 5.0 - 5.5


External links
https://seclists.org/fulldisclosure/2014/Dec/23
https://www.securityfocus.com/archive/1/534161/100/0/threaded
https://www.vmware.com/security/advisories/VMSA-2014-0012.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
