CVE-2013-1405
Summary
| CVE | CVE-2013-1405 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-02-15 12:09:00 UTC |
| Updated | 2013-02-15 12:09:00 UTC |
| Description | VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Vmware | Esx | 3.5 | All | All | All |
| Operating System | Vmware | Esx | 3.5 | update1 | All | All |
| Operating System | Vmware | Esx | 3.5 | update2 | All | All |
| Operating System | Vmware | Esx | 3.5 | update3 | All | All |
| Operating System | Vmware | Esx | 4.0 | All | All | All |
| Operating System | Vmware | Esx | 4.1 | All | All | All |
| Operating System | Vmware | Esx | 3.5 | All | All | All |
| Operating System | Vmware | Esx | 3.5 | update1 | All | All |
| Operating System | Vmware | Esx | 3.5 | update2 | All | All |
| Operating System | Vmware | Esx | 3.5 | update3 | All | All |
| Operating System | Vmware | Esx | 4.0 | All | All | All |
| Operating System | Vmware | Esx | 4.1 | All | All | All |
| Operating System | Vmware | Esxi | 3.5 | All | All | All |
| Operating System | Vmware | Esxi | 3.5 | 1 | All | All |
| Operating System | Vmware | Esxi | 4.0 | All | All | All |
| Operating System | Vmware | Esxi | 4.0 | 1 | All | All |
| Operating System | Vmware | Esxi | 4.0 | 2 | All | All |
| Operating System | Vmware | Esxi | 4.0 | 3 | All | All |
| Operating System | Vmware | Esxi | 4.0 | 4 | All | All |
| Operating System | Vmware | Esxi | 4.1 | All | All | All |
| Operating System | Vmware | Esxi | 3.5 | All | All | All |
| Operating System | Vmware | Esxi | 3.5 | 1 | All | All |
| Operating System | Vmware | Esxi | 4.0 | All | All | All |
| Operating System | Vmware | Esxi | 4.0 | 1 | All | All |
| Operating System | Vmware | Esxi | 4.0 | 2 | All | All |
| Operating System | Vmware | Esxi | 4.0 | 3 | All | All |
| Operating System | Vmware | Esxi | 4.0 | 4 | All | All |
| Operating System | Vmware | Esxi | 4.1 | All | All | All |
| Application | Vmware | Vcenter Server | 4.0 | update_4 | All | All |
| Application | Vmware | Vcenter Server | 4.1 | update_3 | All | All |
| Application | Vmware | Vcenter Server | 4.0 | update_4 | All | All |
| Application | Vmware | Vcenter Server | 4.1 | update_3 | All | All |
| Application | Vmware | Vi-client | 2.5 | All | All | All |
| Application | Vmware | Vi-client | 2.5 | All | All | All |
| Application | Vmware | Virtualcenter | 2.5 | All | All | All |
| Application | Vmware | Virtualcenter | 2.5 | All | All | All |
| Application | Vmware | Vsphere Client | 4.0 | update_4 | All | All |
| Application | Vmware | Vsphere Client | 4.1 | update_3 | All | All |
| Application | Vmware | Vsphere Client | 4.0 | update_4 | All | All |
| Application | Vmware | Vsphere Client | 4.1 | update_3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VMSA-2013-0001.2 | CONFIRM | www.vmware.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.