Lucene search

MitreCVE-2013-5973

HistoryDec 23, 2013 - 3:42 p.m.

CVE-2013-5973

2013-12-2315:42:30

CWE-264

mitre

web.nvd.nist.gov

vmware

esxi

esx

vcenter server

cve-2013-5973

nvd

security vulnerability

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

JSON

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.

Affected configurations

Nvd

Node

vmwareesxMatch4.0

vmwareesxMatch4.1

Node

vmwareesxiMatch4.0

vmwareesxiMatch4.01

vmwareesxiMatch4.02

vmwareesxiMatch4.03

vmwareesxiMatch4.04

vmwareesxiMatch4.1

vmwareesxiMatch4.11

vmwareesxiMatch4.12

vmwareesxiMatch5.0

vmwareesxiMatch5.01

vmwareesxiMatch5.02

vmwareesxiMatch5.1

vmwareesxiMatch5.11

vmwareesxiMatch5.5

VendorProductVersionCPE
vmwareesx4.0cpe:/o:vmware:esx:4.0:::
vmwareesx4.1cpe:/o:vmware:esx:4.1:::

Vendor	Product	Version	CPE
vmware	esx	4.0	cpe:/o:vmware:esx:4.0:::
vmware	esx	4.1	cpe:/o:vmware:esx:4.1:::

References

jvn.jp/en/jp/JVN13154935/index.html

jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html

osvdb.org/101387

www.securityfocus.com/archive/1/530482/100/0/threaded

www.securityfocus.com/bid/64491

www.securitytracker.com/id/1029529

www.vmware.com/security/advisories/VMSA-2013-0016.html

exchange.xforce.ibmcloud.com/vulnerabilities/89938

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-5973