Remote Information Disclosure in VMware NSX Edge and vCNS Edge Products
CVE-2016-2079

5.9MEDIUM

Key Information:

Vendor: Vmware
Status: Nsx Edge
Vendor: CVE Published:; 3 July 2016

Summary

In VMware NSX Edge versions 6.1 prior to 6.1.7 and 6.2 prior to 6.2.3, as well as vCNS Edge version 5.5 prior to 5.5.4.3, an unpatched vulnerability exists when the SSL-VPN feature is enabled. This flaw allows remote attackers to exploit unspecified vectors to gain access to sensitive information, potentially compromising the confidentiality of the data handled by these products.

References

http://www.vmware.com/security/advisories/VMSA-2016-0007....

x_refsource_CONFIRM

http://www.securitytracker.com/id/1036077

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 3, 2016
Vulnerability Reserved
Jan 26, 2016