Описание
Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.3.0.0.5.120 (исключая)Версия до 5.3.0.0.5.120 (исключая)Версия до 5.3.0.0.5.120 (исключая)
Одно из
cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:unity_xt_operating_environment:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:unityvsa_operating_environment:*:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00148
Низкий
8.6 High
CVSS3
5.9 Medium
CVSS3
Дефекты
CWE-295
CWE-295
Связанные уязвимости
CVSS3: 8.6
github
около 2 лет назад
Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.
EPSS
Процентиль: 35%
0.00148
Низкий
8.6 High
CVSS3
5.9 Medium
CVSS3
Дефекты
CWE-295
CWE-295