CVE-2006-5990

CWE-20Improper Input Validation3 documents3 sources
Severity
4.0MEDIUM
EPSS
0.4%
top 41.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Virtualcenter
Timeline
PublishedNov 21
Latest updateMay 1

Description

VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.

CVSS vector

AV:N/AC:H/C:N/I:P/A:PExploitability: 4.9 | Impact: 4.9

Affected Packages1 packages

NVDvmware/virtualcenter1.4.1, 2.0.1+1

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-jr99-r38w-q3wj: VMWare VirtualCenter client 22022-05-01
CVEList
CVE-2006-5990: VMWare VirtualCenter client 22006-11-21
CVE-2006-5990 (MEDIUM CVSS 4) | VMWare VirtualCenter client 2.x bef | cvebase.io