Design/Logic Flaw

2023-11-2217:15:00

PRIOn knowledge base

www.prio-n.com

dell unity

man in the middle

vmadapter

vulnerability

certificate

vcenter

spoofed

attacker

ca-signed.

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

24.3%

JSON

Dell Unity prior to 5.3 contains a ‘man in the middle’ vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.

CPENameOperatorVersion
unity_operating_environmentlt5.3.0.0.5.120
unity_xt_operating_environmentlt5.3.0.0.5.120
unityvsa_operating_environmentlt5.3.0.0.5.120