Vulnerability Description
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Vcenter Server | 4.0 |
| Vmware | Virtualcenter | 2.5 |
| Vmware | Vsphere Client | 4.0 |
| Vmware | Vi-Client | 2.5 |
| Vmware | Esxi | 3.5 |
| Vmware | Esx | 3.5 |
Related Weaknesses (CWE)
References
- http://www.vmware.com/security/advisories/VMSA-2013-0001.htmlVendor Advisory
- http://www.vmware.com/security/advisories/VMSA-2013-0001.htmlVendor Advisory
FAQ
What is CVE-2013-1405?
CVE-2013-1405 is a vulnerability with a CVSS score of 10.0 (HIGH). VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3....
How severe is CVE-2013-1405?
CVE-2013-1405 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1405?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Vcenter Server, Vmware Virtualcenter, Vmware Vsphere Client, Vmware Vi-Client, Vmware Esxi.