Virtual Storage Console For Vmware Vsphere
CVE-2016-5711
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
AnalysisAI
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. Affected products include: Netapp Virtual Storage Console For Vmware Vsphere. Version information: before 6.2.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while hand
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory
A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. Rated medium s
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today