Vulnerability Description
VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Vcenter Server Appliance | 5.0 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlVendor Advisory
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlVendor Advisory
FAQ
What is CVE-2014-8371?
CVE-2014-8371 is a vulnerability with a CVSS score of 4.3 (MEDIUM). VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which...
How severe is CVE-2014-8371?
CVE-2014-8371 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8371?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Vcenter Server Appliance.