CVE-2016-2079 — Sensitive Information Exposure in Vmware NSX Edge

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.4%

top 39.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware NSX Edge Vmware Vcloud Networking AND Security Edge Vmware NSX +1 more

Timeline

PublishedJul 3

Latest updateMay 17

Description

VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶NVDvmware/nsx_edge9 versions+8

▶NVDvmware/vcloud_networking_and_security_edge7 versions+6

▶vmwarevmware/vsphere

▶vmwarevmware/vmware_nsx

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-384x-vf8j-86f2: VMware NSX Edge 6↗2022-05-17

▶

📋Vendor Advisories

VMware

VMware NSX and vCNS product updates address a critical information disclosure vulnerability↗2016-06-09

▶