CVE-2006-5990 - Vulnerability Details - OpenCVE

VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Virtualcenter

Configuration 1 [-]

OR	cpe:2.3:a:vmware:virtualcenter:1.4.1:::::::*
	cpe:2.3:a:vmware:virtualcenter:2.0.1:::::::*

No data.

References

Link	Providers
http://kb.vmware.com/kb/4646606
http://secunia.com/advisories/23053
http://securitytracker.com/id?1017270
http://www.securityfocus.com/archive/1/452275/100/0/threaded
http://www.securityfocus.com/bid/21231
http://www.vmware.com/download/vi/vc-201-200611-patch.html
http://www.vupen.com/english/advisories/2006/4655
https://exchange.xforce.ibmcloud.com/vulnerabilities/30477

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-21T01:00:00

Updated: 2024-08-07T20:12:31.364Z

Reserved: 2006-11-20T00:00:00

Link: CVE-2006-5990

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-11-21T01:07:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-5990

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-16T00:00:00", "descriptions": [{"lang": "en", "value": "VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-4655", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4655"}, {"name": "1017270", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017270"}, {"name": "20061121 VMSA-2006-0010 - SSL sessions not authenticated by VC Clients", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452275/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vmware.com/download/vi/vc-201-200611-patch.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.vmware.com/kb/4646606"}, {"name": "23053", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23053"}, {"name": "21231", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21231"}, {"name": "vmware-virtualcenter-x509-mitm(30477)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30477"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5990", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-4655", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4655"}, {"name": "1017270", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017270"}, {"name": "20061121 VMSA-2006-0010 - SSL sessions not authenticated by VC Clients", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452275/100/0/threaded"}, {"name": "http://www.vmware.com/download/vi/vc-201-200611-patch.html", "refsource": "MISC", "url": "http://www.vmware.com/download/vi/vc-201-200611-patch.html"}, {"name": "http://kb.vmware.com/kb/4646606", "refsource": "CONFIRM", "url": "http://kb.vmware.com/kb/4646606"}, {"name": "23053", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23053"}, {"name": "21231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21231"}, {"name": "vmware-virtualcenter-x509-mitm(30477)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30477"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:12:31.364Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-4655", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4655"}, {"name": "1017270", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017270"}, {"name": "20061121 VMSA-2006-0010 - SSL sessions not authenticated by VC Clients", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452275/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.vmware.com/download/vi/vc-201-200611-patch.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.vmware.com/kb/4646606"}, {"name": "23053", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23053"}, {"name": "21231", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21231"}, {"name": "vmware-virtualcenter-x509-mitm(30477)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30477"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5990", "datePublished": "2006-11-21T01:00:00", "dateReserved": "2006-11-20T00:00:00", "dateUpdated": "2024-08-07T20:12:31.364Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:virtualcenter:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "3CE3C34C-EC77-4C5B-8B0C-130BAF2776D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:virtualcenter:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B422C79D-ACB5-4650-9542-0AA562296286", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack."}, {"lang": "es", "value": "El cliente VMWare VirtualCenter 2.x anterior a 2.0.1 Patch 1 (Build 33463) y 1.4.x anterior a 1.4.1 Patch 1 (Build 33425), cuando la verificaci\u00f3n de certificados de servidor est\u00e1 habilitada, no verifica el certificado X.509 del servidor cuando crea una sesi\u00f3n SSL, lo cual permite a servidores remotos maliciosos suplantar a servidores v\u00e1lidos mediante un ataque de \"hombre en medio\" (man-in-the-middle)."}], "id": "CVE-2006-5990", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-21T01:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://kb.vmware.com/kb/4646606"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23053"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017270"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452275/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21231"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.vmware.com/download/vi/vc-201-200611-patch.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/4655"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30477"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.vmware.com/kb/4646606"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23053"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017270"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/452275/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21231"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.vmware.com/download/vi/vc-201-200611-patch.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/4655"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30477"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}