CVE-2013-1659

VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
vmwarevcenter_server
4.0
vmwarevcenter_server
4.0:update_1
vmwarevcenter_server
4.0:update_2
vmwarevcenter_server
4.0:update_3
vmwarevcenter_server
4.0:update_4
vmwarevcenter_server
4.0:update_4a
vmwarevcenter_server_appliance
5.1
vmwarevcenter_server_appliance
5.1.0a:a
vmwarevcenter_server
5.0
vmwarevcenter_server
5.0:update_1
vmwareesxi
3.5
vmwareesxi
3.5:1
vmwareesxi
4.0
vmwareesxi
4.0:1
vmwareesxi
4.0:2
vmwareesxi
4.0:3
vmwareesxi
4.0:4
vmwareesxi
4.1
vmwareesxi
4.1:1
vmwareesxi
4.1:2
vmwareesxi
5.0
vmwareesxi
5.0:1
vmwareesxi
5.0:2
vmwareesxi
5.1
vmwareesxi
3.5
vmwareesxi
3.5:1
vmwareesxi
4.0
vmwareesxi
4.0:1
vmwareesxi
4.0:2
vmwareesxi
4.0:3
vmwareesxi
4.0:4
vmwareesxi
4.1
𝑥
= Vulnerable software versions
References
http://www.vmware.com/security/advisories/VMSA-2013-0003.html
http://www.vmware.com/security/advisories/VMSA-2013-0003.html