CVE-2006-5990

medium VMware
CVSS v3 Base Score
4.0
AV:N/AC:H/Au:N/C:N/I:P/A:P
EPSS Score
0.4%
Exploitation probability in 30 days
Top 41% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Confidentiality
None
Integrity
P
Availability
P
Published: November 21, 2006 (7114 days ago)
Last Modified: April 23, 2026
Vendor: VMware
Source: NVD

Description

VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.

CWE

CWE-20

Affected Products

vmware virtualcenter

References

🔗 kb.vmware.com 🔗 secunia.com 🔗 securitytracker.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com