Lucene search

K
vmwareVMwareVMSA-2013-0001
HistoryJan 31, 2013 - 12:00 a.m.

VMware vSphere security updates for the authentication service and third party libraries

2013-01-3100:00:00
www.vmware.com
18

0.343 Low

EPSS

Percentile

96.7%

a. VMware vSphere client-side authentication memory corruption vulnerability

VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere Client or ESX to interact with a malicious server as a client. Exploitation of the issue may lead to code execution on the client system.
To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.