CVE-2013-1405

HIGH

Description

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

References

http://www.vmware.com/security/advisories/VMSA-2013-0001.html

Details

Source: MITRE

Published: 2013-02-15

Updated: 2013-02-15

Type: CWE-287

Risk Information

CVSS v2.0

Base Score: 10

Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
89661	VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check)	Nessus	Misc.	critical
64642	VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party libraries	Nessus	VMware ESX Local Security Checks	critical
64559	VMware vSphere Client Memory Corruption (VMSA-2013-0001)	Nessus	Windows	high