CVE-2015-6932

Published Sep 18, 2015

Last updated 4 years ago

Overview

Description: VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-310

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF8B2EC1-CACD-443C-A697-F744CB4611D5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C06379AA-13C0-41FB-B63C-0C46D6DD0462"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C0080A4-A72E-4F7F-AB4C-168F957EAE4B"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1b:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26AAFC76-9CB6-4F22-880C-0102BECEE04C"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:1c:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD83F1CE-CD2A-49B3-858D-8CE3F715DC40"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8339BAB3-D6C9-426A-9C1D-9F2AB946BF96"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2b:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDA978D2-DEA4-4EC9-8945-A6AEA5AA87BE"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2d:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "455C1162-56F5-457A-97D1-B98CFD5F27CE"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:5.5:2e:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6B794EE-70C2-4271-B946-202AB21CA477"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "683C54AA-625C-4902-BE2A-EF4E263D2FEB"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74EE8EE5-54F0-4359-898B-C57C5B2AE7C4"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F83AAB8E-F129-4D1C-A4BC-4CC2C1777F5F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References