Man-in-the-Middle Vulnerability in VMware vSphere Data Protection and EMC Avamar
CVE-2014-4632

Currently unrated

Key Information:

Vendor: Vmware
Status: Vsphere Data Protection
Vendor: CVE Published:; 1 February 2015

Summary

VMware vSphere Data Protection and EMC Avamar products suffer from an improper verification process for X.509 certificates in SSL connections with vCenter Server. This flaw enables attackers to execute man-in-the-middle attacks, potentially allowing unauthorized access to backup and restore functionalities by presenting a malicious certificate. Organizations utilizing affected versions are urged to implement the recommended updates or mitigations to secure their data against these risks.

References

http://www.vmware.com/security/advisories/VMSA-2015-0002....

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/bugtraq/2015-01/01...

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/100866

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 1, 2015
Vulnerability Reserved
Jun 24, 2014