CVE-2013-1405

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
vmwarevcenter_server
4.0:update_4
vmwarevcenter_server
4.1:update_3
vmwarevirtualcenter
2.5
vmwarevsphere_client
4.0:update_4
vmwarevsphere_client
4.1:update_3
vmwarevi-client
2.5
vmwareesxi
3.5
vmwareesxi
3.5:1
vmwareesxi
4.0
vmwareesxi
4.0:1
vmwareesxi
4.0:2
vmwareesxi
4.0:3
vmwareesxi
4.0:4
vmwareesxi
4.1
vmwareesx
3.5
vmwareesx
3.5:update1
vmwareesx
3.5:update2
vmwareesx
3.5:update3
vmwareesx
4.0
vmwareesx
4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.vmware.com/security/advisories/VMSA-2013-0001.html
http://www.vmware.com/security/advisories/VMSA-2013-0001.html