CVE-2014-1209

2014-04-1119:55:04

CWE-20

mitre

web.nvd.nist.gov

cve-2014-1209

vmware vsphere

client 4.0

client 4.1

client 5.0

client 5.1

remote code execution

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.01

Percentile

83.6%

JSON

VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.

Affected configurations

Nvd

Node

vmwarevsphere_clientMatch4.0

vmwarevsphere_clientMatch4.1

vmwarevsphere_clientMatch5.0

vmwarevsphere_clientMatch5.1

VendorProductVersionCPE
vmwarevsphere_client4.0cpe:2.3:a:vmware:vsphere_client:4.0:*:*:*:*:*:*:*
vmwarevsphere_client4.1cpe:2.3:a:vmware:vsphere_client:4.1:*:*:*:*:*:*:*
vmwarevsphere_client5.0cpe:2.3:a:vmware:vsphere_client:5.0:*:*:*:*:*:*:*
vmwarevsphere_client5.1cpe:2.3:a:vmware:vsphere_client:5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vmware	vsphere_client	4.0	cpe:2.3:a:vmware:vsphere_client:4.0:::::::*
vmware	vsphere_client	4.1	cpe:2.3:a:vmware:vsphere_client:4.1:::::::*
vmware	vsphere_client	5.0	cpe:2.3:a:vmware:vsphere_client:5.0:::::::*
vmware	vsphere_client	5.1	cpe:2.3:a:vmware:vsphere_client:5.1:::::::*