CVE-2013-1405

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.vmware.com/security/advisories/VMSA-2013-0001.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:vcenter_server:4.0:update_4::::::
	cpe:2.3:a:vmware:vcenter_server:4.1:update_3::::::

Configuration 2 (hide)

cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:vmware:vsphere_client:4.0:update_4::::::
	cpe:2.3:a:vmware:vsphere_client:4.1:update_3::::::

Configuration 4 (hide)

cpe:2.3:a:vmware:vi-client:2.5:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:o:vmware:esxi:3.5:::::::*
	cpe:2.3:o:vmware:esxi:3.5:1::::::
	cpe:2.3:o:vmware:esxi:4.0:::::::*
	cpe:2.3:o:vmware:esxi:4.0:1::::::
	cpe:2.3:o:vmware:esxi:4.0:2::::::
	cpe:2.3:o:vmware:esxi:4.0:3::::::
	cpe:2.3:o:vmware:esxi:4.0:4::::::
	cpe:2.3:o:vmware:esxi:4.1:::::::*

Configuration 6 (hide)

OR	cpe:2.3:o:vmware:esx:3.5:::::::*
	cpe:2.3:o:vmware:esx:3.5:update1::::::
	cpe:2.3:o:vmware:esx:3.5:update2::::::
	cpe:2.3:o:vmware:esx:3.5:update3::::::
	cpe:2.3:o:vmware:esx:4.0:::::::*
	cpe:2.3:o:vmware:esx:4.1:::::::*

History

No history.

Information

Published : 2013-02-15 12:09

Updated : 2024-02-04 18:16

NVD link : CVE-2013-1405

Mitre link : CVE-2013-1405

CVE.ORG link : CVE-2013-1405

JSON object : View

Products Affected

vmware

esxi
virtualcenter
esx
vsphere_client
vi-client
vcenter_server

CWE

CWE-287

Improper Authentication

{"id": "CVE-2013-1405", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-02-15T12:09:29.227", "references": [{"url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."}, {"lang": "es", "value": "VMware vCenter Server v4.0 anteriormente Update v4b y v4.1 anteriormente Update v3a, VMware VirtualCenter v2.5, VMware vSphere Client v4.0 anteriormente Update v4b y 4.1 anteriormente Update v3a, VMware VI-Client v2.5, VMware ESXi v3.5 hasta v4.1, y VMware ESX v3.5 hasta v4.1 no implementa correctamente el protocolo de gesti\u00f3n de autentificaci\u00f3n, el cual permite a servidores remotos ejecutar c\u00f3digo o causar una denegaci\u00f3n de servicios en la memoria corrupta por vectores sin especificar."}], "lastModified": "2013-02-15T12:09:29.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:update_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BDBAABE-D43C-491B-A3D2-8A625A8524E6"}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:4.1:update_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05AA5E52-299B-4B2A-AB6C-909005831AD5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D17E8DFD-AC99-45E6-81F9-ED66369FBD0A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vsphere_client:4.0:update_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D07E4CB7-7337-454A-8088-ADD06CDF39A3"}, {"criteria": "cpe:2.3:a:vmware:vsphere_client:4.1:update_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECE82311-7CA2-4E73-8EDB-AE399E14A860"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vi-client:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "671C0883-F9AE-45F9-9632-4373A4E93E80"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAE88D8C-9CC3-46D1-9F26-290BC679F47E"}, {"criteria": "cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58ED8AB4-0FDF-4752-B44E-56F58593CE41"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13771B15-CD71-472A-BE56-718B87D5825D"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A4E41C0-31FA-47AA-A9BF-B9A6C1D44801"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF016EE7-083A-4D62-A6D4-2807EB47B6DB"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F11844A-3C6C-4AA5-87DC-979AFF62867A"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC463653-A599-45CF-8EA9-8854D5C59963"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BDE707D-A1F4-4829-843E-F6633BB84D6D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2"}, {"criteria": "cpe:2.3:o:vmware:esx:3.5:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37A5D726-3D38-44D5-B509-1B8B003903A0"}, {"criteria": "cpe:2.3:o:vmware:esx:3.5:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4DA3B20-A743-4F37-A095-65161FFBEB73"}, {"criteria": "cpe:2.3:o:vmware:esx:3.5:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF7C3C65-BE63-407E-9CFD-E571025C3E79"}, {"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE"}, {"criteria": "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B6BA46F-4E8C-4B2A-AE92-81B9F1B4D56C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}