VMware ESX/ESXi CIM Services Multiple Vulnerabilities

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote VMware ESXi / ESX host is missing a security-related

Description :

The remote VMware ESXi / ESX host is potentially affected by the
following vulnerabilities :

- A buffer overflow flaw exists that allows remote,
authenticated attackers to execute arbitrary code.

- A directory traversal flaw exists that allows remote
attackers to delete arbitrary files. (CVE-2013-3658)

Note that the vendor has not publicly acknowledged these flaws.

Solution :

The vendor reportedly has silently patched these issues in the
following releases :

- ESX/ESXi 4.0: Patch 201203401
- ESX/ESXi 4.1: Patch 201201401
- ESXi 5.0: Patch 201203101

Risk factor :

High / CVSS Base Score : 9.4
CVSS Temporal Score : 7.0
Public Exploit Available : false

Family: VMware ESX Local Security Checks

Nessus Plugin ID: 70448

Bugtraq ID: 62316

CVE ID: CVE-2013-3657