CVE-2013-1405

HIGH

Description

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

References

http://www.vmware.com/security/advisories/VMSA-2013-0001.html

Details

Source: MITRE

Published: 2013-02-15

Updated: 2013-02-15

Type: CWE-287

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (3 total)

IDNameProductFamilySeverity
89661VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check)NessusMisc.
critical
64642VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party librariesNessusVMware ESX Local Security Checks
critical
64559VMware vSphere Client Memory Corruption (VMSA-2013-0001)NessusWindows
critical