Summary
VMware vSphere Client updates address security vulnerabilities
Solution
Apply the missing patch(es).
Insight
a. vSphere Client Insecure Client Download
vSphere Client contains a vulnerability in accepting an updated vSphere Client file from an untrusted source. The vulnerability may allow a host to direct vSphere Client to download and execute an arbitrary file from any URI. This issue can be exploited if the host has been compromised or if a user has been tricked into clicking a malicious link.
Affected
vSphere Client 5.1
vSphere Client 5.0
vSphere Client 4.1
vSphere Client 4.0
Detection
Checks for missing patches.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-1209, CVE-2014-1210
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
- VMSA-2014-0003 VMware vSphere Client updates address security vulnerabilities
- VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console
- VMSA-2013-0002 VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability
- VMSA-2012-0009 VMware Workstation, Player, ESXi and ESX patches address critical security issues