| Vulnerability Name: | CVE-2013-1405 (CCN-81735) | ||||||||
| Assigned: | 2013-01-31 | ||||||||
| Published: | 2013-01-31 | ||||||||
| Updated: | 2013-02-15 | ||||||||
| Summary: | VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-287 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-1405 Source: CCN Type: SA52047 VMware vSphere Products Client-Side Authentication Vulnerability Source: CCN Type: SA52061 VMware ESX Server Multiple Vulnerabilities Source: CCN Type: SA52062 VMware ESXi Multiple Vulnerabilities Source: CCN Type: BID-57666 Multiple VMware Products Client-Side Authentication Memory Corruption Vulnerability Source: CCN Type: VMSA-2013-0001 VMware vSphere security updates for the authentication service and third party libraries Source: CONFIRM Type: Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2013-0001.html Source: XF Type: UNKNOWN vmware-vsphere-code-exec(81735) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration 5: Configuration 6: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||