MitreCVE-2013-1405CVE-2013-1405
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
64.5%
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| vmware | vcenter_server | 4.0 | cpe:2.3:a:vmware:vcenter_server:4.0:update_4:*:*:*:*:*:* |
| vmware | vcenter_server | 4.1 | cpe:2.3:a:vmware:vcenter_server:4.1:update_3:*:*:*:*:*:* |
| vmware | virtualcenter | 2.5 | cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:* |
| vmware | vsphere_client | 4.0 | cpe:2.3:a:vmware:vsphere_client:4.0:update_4:*:*:*:*:*:* |
| vmware | vsphere_client | 4.1 | cpe:2.3:a:vmware:vsphere_client:4.1:update_3:*:*:*:*:*:* |
| vmware | vi-client | 2.5 | cpe:2.3:a:vmware:vi-client:2.5:*:*:*:*:*:*:* |
| vmware | esxi | 3.5 | cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:* |
| vmware | esxi | 3.5 | cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:* |
| vmware | esxi | 4.0 | cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:* |
| vmware | esxi | 4.0 | cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
64.5%