Vulnerability CVE-2014-3796 - CERT Civis.Net

Vulnerability Name:

CVE-2014-3796 (CCN-95926)

Assigned:

2014-09-11

Published:

2014-09-11

Updated:

2017-08-29

Summary:

VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.

CVSS v3 Severity:

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2014-3796

Source: CCN
Type: Full Disclosure Mailing List, Thu, 11 Sep 2014 18:21:04 +0000
NEW VMSA-2014-0009 VMware NSX and vCNS product updates address a critical information disclosure vulnerability

Source: SECUNIA
Type: UNKNOWN
59938

Source: CCN
Type: BID-69756
VMware NSX and vCNS CVE-2014-3796 Unspecified Information Disclosure Vulnerability

Source: SECTRACK
Type: UNKNOWN
1030835

Source: CCN
Type: VMware Security Advisory VMSA-2014-0009
VMware NSX and vCNS product updates address a critical information disclosure vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0009.html

Source: XF
Type: UNKNOWN
vmware-vcns-cve20143796-info-disc(95926)

Source: XF
Type: UNKNOWN
vmware-vcns-cve20143796-info-disc(95926)

Vulnerable Configuration:

Configuration 1:

cpe:/a:vmware:nsx:6.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:nsx:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:nsx:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:nsx:6.0.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:nsx:6.0.4:*:*:*:*:*:*:*

OR cpe:/a:vmware:nsx:6.0.5:*:*:*:*:*:*:*

OR cpe:/a:vmware:vcloud_networking_and_security:5.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:vcloud_networking_and_security:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:vcloud_networking_and_security:5.1.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:vcloud_networking_and_security:5.1.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:vcloud_networking_and_security:5.1.4:*:*:*:*:*:*:*

OR cpe:/a:vmware:vcloud_networking_and_security:5.1.4.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:vcloud_networking_and_security:5.5:*:*:*:*:*:*:*

OR cpe:/a:vmware:vcloud_networking_and_security:5.5.0a:*:*:*:*:*:*:*

OR cpe:/a:vmware:vcloud_networking_and_security:5.5.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:vcloud_networking_and_security:5.5.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:vcloud_networking_and_security:5.5.2.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:vmware:vcloud_networking_and_security:5.5:*:*:*:*:*:*:*

OR cpe:/a:vmware:vcloud_networking_and_security:5.1.4:*:*:*:*:*:*:*

Denotes that component is vulnerable