CVE-2014-4632
VMware Security Advisory 2015-0002
Severity Score
Exploit Likelihood
Affected Versions
6Public Exploits
0Exploited in Wild
-Decision
Descriptions
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.
vSphere Data Protection (VDP) versión 5.1, versiones 5.5 anteriores a 5.5.9 y versiones 5.8 anteriores a 5.8.1 de VMware y el cliente proxy en Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) versiones 6.x y 7.0.x de EMC, no comprueba apropiadamente los certificados X.509 de los servidores SSL de vCenter Server, lo que permite atacantes de tipo man-in-the-middle falsificar servidores, y omitir las restricciones de acceso de copia de seguridad y restauración previstas, por medio de un certificado diseñado.
EMC Avamar contains a security vulnerability that may potentially be leveraged by a malicious user to obtain sensitive information when performing a backup or restore operation relating to the vCenter Server. EMC Avamar VMware image and File Level Restore (FLR) proxies do not verify SSL certificates properly when presented by vCenter and may be vulnerable to man-in-the-middle attacks. This vulnerability may potentially be exploited to obtain sensitive information when performing backup and restore operations relating to the vCenter Server. EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-06-24 CVE Reserved
- 2015-01-30 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (4)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|