CVE-2013-1405HIGH
Description
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
References
http://www.vmware.com/security/advisories/VMSA-2013-0001.html
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
Configuration 4
OR
Configuration 5
OR
cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*
Configuration 6
OR
cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:3.5:update1:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:3.5:update2:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:3.5:update3:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89661 | VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check) | Nessus | Misc. | critical |
| 64642 | VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party libraries | Nessus | VMware ESX Local Security Checks | critical |
| 64559 | VMware vSphere Client Memory Corruption (VMSA-2013-0001) | Nessus | Windows | critical |