Unsecured vSphere Client Installer in VMware Products
CVE-2011-1789

Currently unrated

Key Information:

Vendor: Vmware
Status: Vcenter; Esxi; Esx
Vendor: CVE Published:; 9 May 2011

Summary

The self-extracting installer within the VMware vSphere Client Installer package is prone to spoofing attacks due to the absence of a digital signature. This weakness affects several versions of VMware vCenter and ESXi/ESX, potentially allowing remote attackers to distribute modified installers that could compromise system integrity. Users of affected versions are advised to update to the latest releases to mitigate the risk of malicious installations.

References

http://lists.vmware.com/pipermail/security-announce/2011/...

mailing-listx_refsource_MLIST

http://securitytracker.com/id?1025502

vdb-entryx_refsource_SECTRACK

http://www.vmware.com/security/advisories/VMSA-2011-0008....

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
May 9, 2011