Summary
VMware vSphere Client updates address security vulnerabilities
Solution
Apply the missing patch(es).
Insight
a. vSphere Client Insecure Client Download
vSphere Client contains a vulnerability in accepting an updated vSphere Client file from an untrusted source. The vulnerability may allow a host to direct vSphere Client to download and execute an arbitrary file from any URI. This issue can be exploited if the host has been compromised or if a user has been tricked into clicking a malicious link.
Affected
vSphere Client 5.1
vSphere Client 5.0
vSphere Client 4.1
vSphere Client 4.0
Detection
Checks for missing patches.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-1209, CVE-2014-1210
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- VMSA-2013-0012: VMware vSphere updates address multiple vulnerabilities
- VMSA-2010-0016: VMware ESXi and ESX third party updates for Service Console and Likewise components
- VMSA-2011-0004.3: VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm
- VMSA-2010-0007: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
- VMSA-2014-0008: VMware vSphere product updates to third party libraries