CVE-2011-1789

CWE-3103 documents3 sources

Severity

5.0MEDIUM

EPSS

0.4%

top 41.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ESX Vmware Esxi Vmware Vcenter

Timeline

PublishedMay 9

Latest updateMay 17

Description

The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDvmware/esxi4.0, 4.1+1

▶NVDvmware/vcenter4.0, 4.1+1

▶NVDvmware/esx4.0, 4.1+1

Patches

Patch: lists.vmware.com ↗Patch: www.vmware.com ↗Patch: lists.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-3qx7-92qm-xvhr: The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4↗2022-05-17

▶

CVEList

CVE-2011-1789: The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4↗2011-05-09

▶