VMware ESX / ESXi VMCI Privilege Escalation (VMSA-2013-0002) (remote check)

High Nessus Plugin ID 89662


The remote VMware ESX / ESXi host is missing a security-related patch.


The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by a privilege escalation vulnerability in the Virtual Machine Communication Interface (VMCI) due to improper handling of control code in vmci.sys. A local attacker can exploit this to change memory allocation, resulting in an escalation of privileges on Windows-based guest operating systems.

Note that systems with VMCI disabled are still affected by the vulnerability.


Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 or ESXi version 4.0 / 4.1.

See Also


Plugin Details

Severity: High

ID: 89662

File Name: vmware_esx_VMSA-2013-0002_remote.nasl

Version: $Revision: 1.2 $

Type: remote

Family: Misc.

Published: 2016/03/04

Modified: 2016/03/07

Dependencies: 57396

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx, cpe:/o:vmware:esxi

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/02/07

Vulnerability Publication Date: 2013/02/07

Exploitable With

Core Impact

Reference Information

CVE: CVE-2013-1406

BID: 57867

OSVDB: 90019

VMSA: 2013-0002