VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.


a. VMware vCenter, ESXi and ESX NFC protocol memory corruption vulnerability VMware vCenter Server, ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between vCenter Server and the client or ESXi/ESX and the client. Exploitation of the issue may lead to code execution.To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management networkVMware would like to thank Alex Chapman of Context Information Security for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1659 to this issue.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Affected Software

CPE Name Name Version
vcenter server vCenter Server 5.1.0b
vcenter server vCenter Server 5.0 Update 2
vcenter server vCenter Server 4.0 Update 4b
esxi ESXi510-201212101-SG
esxi ESXi500-201212101-SG
esxi ESXi410-201301401-SG
esxi ESXi400-201302401-SG
esx ESX410-201301401-SG
esx ESX400-201302401-SG
esx ESX350-201302401-SG
vcenter server 4.0
virtualcenter VirtualCenter 2.5 Update 6c
esx 4.0