CVE-2013-1405

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.vmware.com/security/advisories/VMSA-2013-0001.html	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:vcenter_server:4.1:update_3::::::
	cpe:2.3:a:vmware:vcenter_server:4.0:update_4::::::

Configuration 2 (hide)

cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:vmware:vsphere_client:4.0:update_4::::::
	cpe:2.3:a:vmware:vsphere_client:4.1:update_3::::::

Configuration 4 (hide)

cpe:2.3:a:vmware:vi-client:2.5:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:o:vmware:esxi:3.5:::::::*
	cpe:2.3:o:vmware:esxi:4.1:::::::*
	cpe:2.3:o:vmware:esxi:3.5:1::::::
	cpe:2.3:o:vmware:esxi:4.0:3::::::
	cpe:2.3:o:vmware:esxi:4.0:2::::::
	cpe:2.3:o:vmware:esxi:4.0:1::::::
	cpe:2.3:o:vmware:esxi:4.0:::::::*
	cpe:2.3:o:vmware:esxi:4.0:4::::::

Configuration 6 (hide)

OR	cpe:2.3:o:vmware:esx:3.5:update3::::::
	cpe:2.3:o:vmware:esx:3.5:update1::::::
	cpe:2.3:o:vmware:esx:3.5:update2::::::
	cpe:2.3:o:vmware:esx:4.0:::::::*
	cpe:2.3:o:vmware:esx:4.1:::::::*
	cpe:2.3:o:vmware:esx:3.5:::::::*

Information

Published : 2013-02-15 04:09

Updated : 2013-02-15 04:09

NVD link : CVE-2013-1405

Mitre link : CVE-2013-1405

JSON object : View

CWE

CWE-287

Improper Authentication

Advertisement

Products Affected

vmware

esx
vi-client
virtualcenter
vcenter_server
esxi
vsphere_client

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html", "name": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-1405", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-02-15T12:09Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:4.1:update_3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vcenter_server:4.0:update_4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:4.0:update_4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:vmware:vsphere_client:4.1:update_3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:vi-client:2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:vmware:esx:3.5:update3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esx:3.5:update1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esx:3.5:update2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-02-15T12:09Z"}