Vulnerability CVE-2008-3514

Vulnerability Name:

CVE-2008-3514 (CCN-44425)

Assigned:

2008-08-12

Published:

2008-08-12

Updated:

2018-10-11

Summary:

VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign permissions to other system users."
Patch information with appropriate login and password:

http://www.vmware.com/security/advisories/VMSA-2008-0012.html

4. Solution

Please review the patch/release notes for your product and version
and verify the md5sum of your downloaded file.

VirtualCenter
-------------

VMware VirtualCenter 2.5 Update 2 build 104263
www.vmware.com/download/download.do
DVD iso image
md5sum: 83de404fa073bc1fde9acd080f21e688
Zip file
md5sum: 3297f1e47c6b018ac8190f11bd022d5b
Release Notes
www.vmware.com/support/vi3/doc/vi3_esx35u2_vc25u2_rel_notes.html

VMware VirtualCenter 2.0.2 Update 5 build 104182
www.vmware.com/downloads/download.do
DVD iso image
md5sum: 5fee5d2d97b482e0d0cb47da7d8e7c34
Zip file
md5sum: cd468aab309745c12ee5516652aafbcb
Release Notes
www.vmware.com/support/vi3/doc/releasenotes_vc202u5.html

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None