Lucene search

[email protected]CVE-2010-4573

HistoryDec 22, 2010 - 9:00 p.m.

CVE-2010-4573

2010-12-2221:00:19

CWE-287

[email protected]

web.nvd.nist.gov

cve-2010-4573

update installer

vmware esxi 4.1

sfcb.cfg

sfcb authentication

remote attackers

arbitrary username

password

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.6%

JSON

The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password.

Affected configurations

NVD

Node

vmwareesxiMatch4.1

CPENameOperatorVersion
vmware:esxivmware esxieq4.1

CPE	Name	Operator	Version
vmware:esxi	vmware esxi	eq	4.1

References

kb.vmware.com/kb/1031761

lists.vmware.com/pipermail/security-announce/2010/000114.html

secunia.com/advisories/42591

securitytracker.com/id?1024917

www.securityfocus.com/archive/1/515420/100/0/threaded

www.securityfocus.com/bid/45543

www.vmware.com/security/advisories/VMSA-2010-0020.html

www.vupen.com/english/advisories/2010/3303

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.6%

JSON

Related for CVE-2010-4573

nessus1 prion1 securityvulns2 cvelist1 vmware2 nvd1