Vulnerability Name:

CVE-2008-2101 (CCN-44797)

Assigned:2008-08-29
Published:2008-08-29
Updated:2018-10-11
Summary:The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.8 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Fri Aug 29 2008 - 19:08:36 CDT
VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

Source: MITRE
Type: CNA
CVE-2008-2101

Source: FULLDISC
Type: UNKNOWN
20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

Source: CCN
Type: SA31713
VMware ESX / ESXi Server Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
31713

Source: GENTOO
Type: UNKNOWN
GLSA-201209-25

Source: SREASON
Type: UNKNOWN
4202

Source: CCN
Type: SECTRACK ID: 1020794
VMware ESX VMware Consolidated Backup Utilities May Disclose Passwords to Local Users

Source: SECTRACK
Type: UNKNOWN
1020794

Source: CCN
Type: OSVDB ID: 48254
VMware ESX / ESXi VMware Consolidated Backup (VCB) Multiple Utility Command Line Cleartext Password Disclosure

Source: BUGTRAQ
Type: UNKNOWN
20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

Source: BID
Type: UNKNOWN
30937

Source: CCN
Type: BID-30937
VMware Consolidated Backup (VCB) User Password Information Disclosure Vulnerability

Source: CCN
Type: VMware Web site
VMware ACE Enterprise Desktop Management, Virtual Machines - VMware

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0014.html

Source: VUPEN
Type: UNKNOWN
ADV-2008-2466

Source: XF
Type: UNKNOWN
vmware-esx-vcb-info-disclosure(44797)

Source: XF
Type: UNKNOWN
vmware-esx-vcb-info-disclosure(44797)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vmware:esx:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx:3.5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.0.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    vmware esx 3.0.1
    vmware esx 3.0.2
    vmware esx 3.0.3
    vmware esx 3.5
    vmware esx server 3.5
    vmware esx server 3.0.3