VMware vSphere updates address multiple vulnerabilities

ID VMSA-2013-0012
Type vmware
Reporter VMware
Modified 2014-01-16T00:00:00


a. VMware ESXi and ESX contain a vulnerability in hostd-vmdb.

To exploit this vulnerability, an attacker must intercept and
modify the management traffic. Exploitation of the issue may lead
to a Denial of Service of the hostd-vmdb service.

To reduce the likelihood of exploitation, vSphere components
should be deployed on an isolated management network.

VMware would like to thank Alex Chapman of Context Information
Security for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2013-5970 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is