Vulnerability CVE-2013-1405


Published: 2013-02-15

Description:
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Vmware -> Vcenter server 
Vmware -> Vi-client 
Vmware -> Virtualcenter 
Vmware -> Vsphere client 
Vmware -> ESX 
Vmware -> ESXI 

 References:
http://www.vmware.com/security/advisories/VMSA-2013-0001.html

Copyright 2021, cxsecurity.com

 

Back to Top