Vigil@nce - VMware vSphere Client: two vulnerabilities
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of VMware vSphere
Client.
Impacted products: ESX, ESXi, vCenter, VMware vSphere, VMware
vSphere Hypervisor
Severity: 2/4
Creation date: 11/04/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in VMware vSphere Client.
An attacker can create a fake update, and invite the victim to
download it and to update it. [severity:2/4; CVE-2014-1209]
An attacker can setup a fake vCenter server, with a malicious
certificate, but which is accepted by VMware vSphere Client.
[severity:2/4; CVE-2014-1210]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/VMware-vSphere-Client-two-vulnerabilities-14578