VMware vSphere updates address multiple vulnerabilities

2013-10-1700:00:00

www.vmware.com

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.057 Low

EPSS

Percentile

93.3%

JSON

a. VMware ESXi and ESX contain a vulnerability in hostd-vmdb.

To exploit this vulnerability, an attacker must intercept and modify the management traffic. Exploitation of the issue may lead to a Denial of Service of the hostd-vmdb service.

To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. VMware would like to thank Alex Chapman of Context Information Security for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5970 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

CPENameOperatorVersion
esxiltESXi500-201310101-SG
esxiltESXi410-201307401-SG
esxiltESXi400-201305401-SG
esxltESX410-201307401-SG
esxltESX400-201305401-SG
vcenter serverlt5.0 Update 3
vcenter serverlt5.1 Update 2
vcenter servereq4.1
update managerlt5.1 Update 2
update managerlt5.0 Update 3

Name	Operator	Version
esxi	lt	ESXi500-201310101-SG
esxi	lt	ESXi410-201307401-SG
esxi	lt	ESXi400-201305401-SG
esx	lt	ESX410-201307401-SG
esx	lt	ESX400-201305401-SG
vcenter server	lt	5.0 Update 3
vcenter server	lt	5.1 Update 2
vcenter server	eq	4.1
update manager	lt	5.1 Update 2
update manager	lt	5.0 Update 3