CVE-2013-1405

2013-02-1512:09:00

CWE-287

[email protected]

web.nvd.nist.gov

vmware

vcenter server

virtualcenter

vsphere client

vi-client

esxi

esx

vulnerability

cve-2013-1405

nvd

security

update

7.9 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

57.7%

JSON

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CPENameOperatorVersion
vmware:vcenter_servervmware vcenter servereq4.0
vmware:vcenter_servervmware vcenter servereq4.1
vmware:virtualcentervmware virtualcentereq2.5
vmware:vsphere_clientvmware vsphere clienteq4.0
vmware:vsphere_clientvmware vsphere clienteq4.1
vmware:vi-clientvmware vi-clienteq2.5
vmware:esxivmware esxieq4.1
vmware:esxivmware esxieq4.0
vmware:esxivmware esxieq3.5
vmware:esxvmware esxeq3.5

CPE	Name	Operator	Version
vmware:vcenter_server	vmware vcenter server	eq	4.0
vmware:vcenter_server	vmware vcenter server	eq	4.1
vmware:virtualcenter	vmware virtualcenter	eq	2.5
vmware:vsphere_client	vmware vsphere client	eq	4.0
vmware:vsphere_client	vmware vsphere client	eq	4.1
vmware:vi-client	vmware vi-client	eq	2.5
vmware:esxi	vmware esxi	eq	4.1
vmware:esxi	vmware esxi	eq	4.0
vmware:esxi	vmware esxi	eq	3.5
vmware:esx	vmware esx	eq	3.5