Man-in-the-Middle Vulnerability in VMware vSphere Data Protection and EMC Avamar
CVE-2014-4632

Currently unrated

Key Information:

Vendor: Vmware
Status: Vsphere Data Protection
Vendor: CVE Published:; 1 February 2015

What is CVE-2014-4632?

VMware vSphere Data Protection and EMC Avamar products suffer from an improper verification process for X.509 certificates in SSL connections with vCenter Server. This flaw enables attackers to execute man-in-the-middle attacks, potentially allowing unauthorized access to backup and restore functionalities by presenting a malicious certificate. Organizations utilizing affected versions are urged to implement the recommended updates or mitigations to secure their data against these risks.

References

http://www.vmware.com/security/advisories/VMSA-2015-0002....

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/bugtraq/2015-01/01...

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/100866

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2015
Vulnerability Reserved
Jun 24, 2014

Vmware

What is CVE-2014-4632?

References

Timeline