Lucene search

K
vmwareVMwareVMSA-2012-0016
HistoryNov 15, 2012 - 12:00 a.m.

VMware security updates for vSphere API and ESX Service Console

2012-11-1500:00:00
www.vmware.com
46

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:N/A:C

0.904 High

EPSS

Percentile

98.8%

a. VMware vSphere API denial of service vulnerabilityThe VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected.VMware would like to thank Sebastián Tello of Core Security Technologies for reporting this issue to us.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-5703 to this issue.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:N/A:C

0.904 High

EPSS

Percentile

98.8%