This script is (C) 2013-2015 Tenable Network Security, Inc.
The remote VMware ESXi 5.0 host is affected by multiple security
The remote VMware ESXi 5.0 host is affected by the following security
- Multiple errors exist related to OpenSSL that could
allow information disclosure or denial of service
attacks. (CVE-2013-0166, CVE-2013-0169)
- An error exists in the libxml2 library related to the
expansion of XML internal entities. An attacker can
exploit this to cause a denial of service. (CVE-2013-0338)
- An unspecified error exists related to 'hostd-vmdb'. An
attacker can exploit this to cause a denial of service.
- An error exists in the handling of certain Virtual
Machine file descriptors. This may allow an unprivileged
user with the 'Add Existing Disk' privilege to obtain
read and write access to arbitrary files, possibly
leading to arbitrary code execution after a host reboot.
- A NULL pointer dereference flaw exists in the handling
of Network File Copy (NFC) traffic. This issue may lead
to a denial of service if an attacker intercepts and
modifies the NFC traffic. (CVE-2014-1207)
- A denial of service vulnerability exists in the handling
of invalid ports that could allow a guest user to crash
the VMX process. (CVE-2014-1208)
See also :
Apply patch ESXi500-201310101-SG, ESXi500-201310201-UG, or
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 6.2
Public Exploit Available : false
Nessus Plugin ID: 70879 ()
Bugtraq ID: 57778581806026863216644916499464995
CVE ID: CVE-2013-0166CVE-2013-0169CVE-2013-0338CVE-2013-5970CVE-2013-5973CVE-2014-1207CVE-2014-1208
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.