Summary
VMware vSphere Client updates address security vulnerabilities
Solution
Apply the missing patch(es).
Insight
a. vSphere Client Insecure Client Download
vSphere Client contains a vulnerability in accepting an updated vSphere Client file from an untrusted source. The vulnerability may allow a host to direct vSphere Client to download and execute an arbitrary file from any URI. This issue can be exploited if the host has been compromised or if a user has been tricked into clicking a malicious link.
Affected
vSphere Client 5.1
vSphere Client 5.0
vSphere Client 4.1
vSphere Client 4.0
Detection
Checks for missing patches.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-1209, CVE-2014-1210
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- VMSA-2015-0001: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
- VMSA-2010-0007: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
- VMSA-2011-0007: VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
- VMSA-2012-0007: VMware hosted products and ESX patches address privilege escalation
- VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates