Vulnerability Details : CVE-2015-6932
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Products affected by CVE-2015-6932
- cpe:2.3:a:vmware:vcenter_server:5.5:-:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:1:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:1a:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:1b:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:1c:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:2:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:2b:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:2d:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:5.5:2e:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.0:-:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.0:a:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:6.0:b:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-6932
- 0.25%: probability of exploitation activity in the next 30 days
- ~45%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-6932
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST | |
CWE ids for CVE-2015-6932
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6932
- http://www.securitytracker.com/id/1033582
  VMware vCenter Server Lets Remote Users Bypass LDAP Certificate Validation to Access Data Transmitted by the Target System - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.vmware.com/security/advisories/VMSA-2015-0006.html
  VMSA-2015-0006.1 (Vendor Advisory)