CVE-2013-5973

MEDIUM

Description

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.

References

http://jvn.jp/en/jp/JVN13154935/index.html

http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html

http://osvdb.org/101387

http://www.securityfocus.com/archive/1/530482/100/0/threaded

http://www.securityfocus.com/bid/64491

http://www.securitytracker.com/id/1029529

http://www.vmware.com/security/advisories/VMSA-2013-0016.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/89938

Details

Source: MITRE

Published: 2013-12-23

Updated: 2018-10-09

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM