CVE-2013-1405
CVSS V2 High 10
CVSS V3 None
Description
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Overview
- CVE ID
- CVE-2013-1405
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2013-02-15T12:09:29
- Last Modified Date
- 2013-02-15T12:09:29
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:vmware:vcenter_server:4.0:update_4:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:vmware:vcenter_server:4.1:update_3:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:vmware:vsphere_client:4.0:update_4:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:vmware:vsphere_client:4.1:update_3:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:vmware:vi-client:2.5:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esx:3.5:update1:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esx:3.5:update2:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esx:3.5:update3:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 10
- Severity
- HIGH
- Exploitability Score
- 10
- Impact Score
- 10
References
| Reference URL | Reference Tags |
|---|---|
| http://www.vmware.com/security/advisories/VMSA-2013-0001.html | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2013-1405 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1405 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 10:47:23 | Added to TrackCVE |